In this post, you will learn what Medusa is, how the tool works, and the options it accepts. There is also a video version of this post.
What is Medusa?
Medusa is a password cracking tool. This is one of my favourite password cracking tools.
Medusa is open source and very easy to use. To run a password attack, the user only needs to know three options: the target, the username and the password.
The goal is to support as many services that allow remote authentication as possible. Medusa is built from modules, and you specify which service to brute-force by choosing a module.
What the Medusa tool can do
- Thread-based parallel testing. Brute-force testing can be performed against multiple hosts, users or passwords concurrently.
- Flexible user input. Target information (host/user/password) can be specified in a variety of ways. For example, each item can be either a single entry or a file containing multiple entries. Additionally, a combination file format allows the user to refine their target listing.
- Modular design. Each service module exists as an independent .mod file. This means that no modifications are necessary to the core application in order to extend the supported list of services for brute-forcing.
- Multiple protocols supported. Many services are currently supported (e.g. SMB, HTTP, POP3, MS-SQL, SSHv2, among others).
Useful options in the Medusa tool
- -h [TEXT] : Target hostname or IP address
- -H [FILE]: File containing target hostnames or IP addresses
- -u [TEXT] : Username to test
- -U [FILE]: File containing usernames to test
- -p [TEXT] : Password to test
- -P [FILE]: File containing passwords to test
- -C [FILE]: File containing combo entries. See README for more information.
- -O [FILE]: File to append log information to
- -e [n/s/ns] : Additional password checks ([n] No Password, [s] Password = Username)
- -M [TEXT]: Name of the module to execute (without the .mod extension)
- -m [TEXT]: Parameter to pass to the module. This can be passed multiple times with a
- -d: Dump all known modules
- -n [NUM] : Use for non-default TCP port number
- -s: Enable SSL
- -g [NUM]: Give up after trying to connect for NUM seconds (default 3)
- -r [NUM] : Sleep NUM seconds between retry attempts (default 3)
- -R [NUM]: Attempt NUM retries before giving up. The total number of attempts will be NUM + 1.
- -c [NUM]: Time to wait in usec to verify socket is available (default 500 usec).
- -t [NUM]: Total number of logins to be tested concurrently
- -T [NUM]: Total number of hosts to be tested concurrently
- -L: Parallelize logins using one username per thread. The default is to process
- -f: Stop scanning host after first valid username/password found.
- -F: Stop audit after first valid username/password found on any host.
- -b: Suppress startup banner
- -q: Display module’s usage information
- -v [NUM] : Verbose level [0 – 6 (more)]
- -w [NUM] : Error debug level [0 – 10 (more)]
- -V: Display version
- -Z [TEXT]: Resume scan based on a map of the previous scan
How to work with medusa
Follow the examples below and by the end you will be familiar with the tool. If you have any doubts, comment below or watch the video I made.
Example 1, Password cracking using a specific username & password
To test one specific username with one specific password, enter the command below. With this method you can try only a single username and a single password.
medusa -h 192.168.1.37 -u msfadmin -p msfadmin -M ftp
-h: Target (you can enter an IP address or a domain name)
-u: A single username to test
-p: A single password to test
-M: Module (the service you are going to run the password attack against)
Example 2, Cracking with username & password lists
Now, let's try many usernames and passwords. For that we use the capital -U and -P options, each of which takes a file.
medusa -h 192.168.1.37 -U user1.txt -P pass1.txt -M ftp
-U: Username list (specify the file)
-P: Password list (specify the file)
Example 3, Brute-forcing multiple hosts
To brute-force multiple hosts, create a file and add the target hosts to it. Below is the command to brute-force multiple hosts.
medusa -H host1.txt -U user1.txt -P pass1.txt -M ftp
Example 4, Brute force on a specific port
To brute-force on a specific port, use the -n option like this:
medusa -h 192.168.1.37 -u msfadmin -p msfadmin -M ssh -n 22
Example 5, Saving every login attempt in a log file
Saving login attempts in a log file is useful because you can review the log at any time.
medusa -h 192.168.1.37 -u msfadmin -p msfadmin -M ssh -n 22 -O log.txt
-O: File to append the log to
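The service being tested keeps its own record of these attempts, and that record is what a defender reviews. The following is an added example, not part of the original post: a small Python detector that flags a source address producing a burst of failed SSH logins and notes any account it then logged in to. The log lines are constructed in OpenSSH auth.log style, and the threshold, window and function names are assumptions.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample in OpenSSH auth.log style (not captured from a real host).
SAMPLE_LOG = """\
Mar  3 10:00:01 host sshd[2101]: Failed password for root from 192.168.1.50 port 40112 ssh2
Mar  3 10:00:01 host sshd[2102]: Failed password for invalid user admin from 192.168.1.50 port 40114 ssh2
Mar  3 10:00:02 host sshd[2103]: Failed password for msfadmin from 192.168.1.50 port 40116 ssh2
Mar  3 10:00:02 host sshd[2104]: Failed password for invalid user test from 192.168.1.50 port 40118 ssh2
Mar  3 10:00:03 host sshd[2105]: Failed password for root from 192.168.1.50 port 40120 ssh2
Mar  3 10:00:04 host sshd[2106]: Accepted password for msfadmin from 192.168.1.50 port 40122 ssh2
Mar  3 10:05:10 host sshd[2110]: Failed password for alice from 192.168.1.20 port 51000 ssh2
Mar  3 10:05:20 host sshd[2111]: Accepted password for alice from 192.168.1.20 port 51002 ssh2
"""

LINE_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+ \d\d:\d\d:\d\d) \S+ sshd\[\d+\]: "
    r"(?P<result>Failed|Accepted) password for (?:invalid user )?(?P<user>\S+) "
    r"from (?P<ip>\S+) port \d+"
)

def parse(log_text, year=2024):
    """Return sorted (time, source_ip, user, success) tuples; syslog lines carry no year."""
    events = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if m:
            ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
            events.append((ts, m["ip"], m["user"], m["result"] == "Accepted"))
    return sorted(events)

def detect(events, max_failures=5, window=timedelta(seconds=60)):
    """Alert on a source with max_failures failures inside window (assumed thresholds)."""
    recent = defaultdict(list)  # source_ip -> failure times still inside the window
    alerts = {}
    for ts, ip, user, success in events:
        if success:
            if ip in alerts:  # a login right after a burst means the password was guessed
                alerts[ip]["logged_in_as"].add(user)
            continue
        recent[ip] = [t for t in recent[ip] if ts - t <= window] + [ts]
        if len(recent[ip]) >= max_failures:
            alerts.setdefault(ip, {"first_alert": ts, "logged_in_as": set()})
    return alerts

if __name__ == "__main__":
    for ip, info in detect(parse(SAMPLE_LOG)).items():
        print(ip, info["first_alert"], sorted(info["logged_in_as"]))
```

The single mistyped password from 192.168.1.20 stays below the threshold, so an ordinary user is not flagged.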
Verbose mode shows more detail about what Medusa is doing. Set it with -v; the level runs from 0 to 6.
medusa -H target -U user.txt -P pass.txt -M ftp -v 2
medusa -H target -U user.txt -P pass.txt -M ftp -v 6
In summary, Medusa is a great tool. I use it very often and I suggest you use it too.
Alternatives to Medusa include John the Ripper and hashcat, and many other tools are out there. Do check out our password cracking menu and learn everything about password cracking.