How to Use the Command 'medusa' (with Examples)

How to Use the Command 'medusa' (with Examples)

Medusa is a powerful and versatile tool designed for security professionals and network administrators to perform brute force attacks against various network protocols. It is modular and parallel in nature, providing the ability to test multiple login credentials concurrently. By leveraging Medusa, users can assess the strength of authentication mechanisms within their infrastructure and identify potential vulnerabilities. Below are detailed examples and explanations for using Medusa in different scenarios.

Use case 1: Listing All Installed Modules

Code:

medusa -d

Motivation:

Before conducting any brute force attacks, it is crucial to understand what modules are available. Medusa supports a variety of protocols through its modular system, and listing them helps users know which services they can target. This step is foundational, especially for new users or those assessing the tool’s capabilities on a particular system.

Explanation:

  • -d: This option tells Medusa to display all the installed modules. Each module corresponds to a different protocol that Medusa can target (e.g., SSH, HTTP, MySQL).

Example Output:

Available modules:
  ssh
  http
  web-form
  postgres
  ftp
  mysql
  smbnt
  ...

Use case 2: Show Usage Example of a Specific Module

Code:

medusa -M ssh -q

Motivation:

Once the desired module is identified, users often need guidance on how to use it effectively. By querying a specific module, users can understand its required and optional parameters. This is particularly helpful in setting up the command correctly for a tailored and efficient brute force attack.

Explanation:

  • -M ssh: Specifies that the SSH module is to be used. The -M flag is for selecting the module.
  • -q: Displays a brief usage example of the selected module, highlighting the various parameters available for configuration.

Example Output:

Usage: medusa -M ssh -h host [-u username] [-p password] [-U username_file] [-P password_file]

Use case 3: Execute Brute Force Against an FTP Server

Code:

medusa -M ftp -h example.com -U /path/to/username_file -P /path/to/password_file

Motivation:

Conducting a brute force attack against an FTP server can help ensure its security and verify if weak credentials exist. Using a list of potential usernames and passwords, administrators can test the robustness of their user account protections and take necessary steps to strengthen them if needed.

Explanation:

  • -M ftp: Selects the FTP module for performing the attack, indicating that the target service is an FTP server.
  • -h example.com: Specifies the target host performing the attack. Replace example.com with the actual target hostname or IP address.
  • -U /path/to/username_file: Points to a file containing the list of usernames to test. This option helps in automating the attack on multiple accounts.
  • -P /path/to/password_file: Similar to the username file, this specifies a file with potential passwords to try against each username.

Example Output:

Medusa v2.2 [http://www.foofus.net/~jmk/medusa/ ] (C) JoMo-Kun / Foofus Networks <jmk@foofus.net>

ACCOUNT CHECK: [ftp] Host: example.com (1 of 1) Users: 5 Passwords: 10
...

Use case 4: Execute a Login Attempt Against an HTTP Server

Code:

medusa -M HTTP -h example.com -u admin -p secret -m USER-AGENT:"Agent"

Motivation:

This use case is useful for testing specific login credentials against an HTTP server, often as part of penetration testing or security audits. The ability to customize the user-agent string allows simulating different browsers or devices, providing insights into how the server responds to various clients.

Explanation:

  • -M HTTP: Chooses the HTTP module, indicating that the target is an HTTP server.
  • -h example.com: Designates the hostname or IP address of the server to test.
  • -u admin: Specifies the username to be used in the login attempt.
  • -p secret: Provides the password to accompany the username.
  • -m USER-AGENT:"Agent": Sets a custom user-agent string in the HTTP request headers. This can be critical for bypassing some server security configurations that check for specific agents.

Example Output:

LOGIN SUCCESSFUL: [HTTP] Host: example.com User: admin Password: secret

Use case 5: Execute a Brute Force Against a MySQL Server

Code:

medusa -M mysql -h example.com -U /path/to/username_file -p hash -m PASS:HASH

Motivation:

Here, the focus is on securing MySQL databases by testing their resilience to brute force attacks using hashed passwords. Understanding if hashed or encrypted passwords effectively protect against unauthorized access is pivotal for database security.

Explanation:

  • -M mysql: Indicates the use of the MySQL module for connecting to a MySQL server.
  • -h example.com: Identifies the address of the target MySQL server.
  • -U /path/to/username_file: Refers to a list of usernames for the brute force attempt.
  • -p hash: Uses a password hash instead of a plaintext password, adding complexity and realism to the attack method.
  • -m PASS:HASH: Specifies that the password being tested is a hash, instructing Medusa to handle it appropriately.

Example Output:

FAILED LOGIN. user:'root' pass:'<hash>' 
Successful login attempts:
None

Use case 6: Execute a Brute Force Against SMB Servers Using a pwdump File

Code:

medusa -M smbnt -H /path/to/hosts_file -C /path/to/pwdump_file -u admin -m PASS:HASH

Motivation:

Testing against SMB servers using pwdump files enables administrators to simulate attacks that leverage hashed credentials similar to those that might be stolen during a security breach. This method gives insights into the potential damage an attacker could do with access to such information.

Explanation:

  • -M smbnt: Selects the SMB module, specifically targeting SMB servers.
  • -H /path/to/hosts_file: Indicates a file containing a list of SMB host addresses to target.
  • -C /path/to/pwdump_file: Utilizes a pwdump file containing hashed passwords. This file represents extracted password hashes and related data.
  • -u admin: Specifies a username to attack, here “admin,” which might have elevated privileges.
  • -m PASS:HASH: Indicates using password hashes in the login attempts.

Example Output:

ACCOUNT CHECK: [smbnt] Host: 192.168.1.10 (1 of 5) User: admin Hash: bcc50ef0cdf939b7c5c6
No authentication required connection established

Conclusion:

Medusa is a diverse and adaptable tool crucial for identifying and addressing security vulnerabilities in various network protocols. By understanding these use cases and how to configure Medusa appropriately, security practitioners can effectively simulate real-world attacks and bolster their network defenses.

Related Posts

How to Add Borders to PNM Images Using the 'pnmmargin' Command (with examples)

How to Add Borders to PNM Images Using the 'pnmmargin' Command (with examples)

The pnmmargin command is part of the Netpbm toolkit, a suite of programs used for manipulating PNM (Portable AnyMap) images.

Read More
How to Use the Command 'Install-NodeVersion' (with Examples)

How to Use the Command 'Install-NodeVersion' (with Examples)

The Install-NodeVersion command is a PowerShell command that enables users to install various Node.

Read More
How to Use the Command 'ibmcloud' (with Examples)

How to Use the Command 'ibmcloud' (with Examples)

The ibmcloud command is a versatile command-line tool designed for managing and administering IBM Cloud applications and services.

Read More