Using Medusa for Login Brute-Force Attacks (with examples)

Using Medusa for Login Brute-Force Attacks (with examples)

Medusa is a powerful and flexible command-line tool used for conducting brute-force attacks against various protocols. It is especially useful for testing the security of systems by attempting to crack passwords. In this article, we will explore various use cases of Medusa and the command syntax for each case.

Example 1: Brute Force FTP Server with Usernames and Passwords

medusa -M ftp -h host -U path/to/username_file -P path/to/password_file

Motivation: This example demonstrates how Medusa can be used to perform a brute-force attack on an FTP server. By providing a file containing a list of usernames and a file containing a list of passwords, Medusa will attempt to login using different combinations.

Arguments:

  • -M ftp: Specifies that Medusa should use the FTP module for the attack.
  • -h host: Specifies the target host IP address or hostname.
  • -U path/to/username_file: Specifies the path to a text file containing a list of usernames to try.
  • -P path/to/password_file: Specifies the path to a text file containing a list of passwords to try.

Example Output:

SUCCESS: User 'admin' with password '123456' authenticated successfully on FTP server.
FAILURE: Failed to authenticate with any credential combination.

Example 2: Brute Force HTTP Server with Username, Password, and User-Agent

medusa -M HTTP -h host -u username -p password -m USER-AGENT:"Agent"

Motivation: This example demonstrates how to conduct a login attempt on an HTTP server using a specific username, password, and user-agent. This can be useful in scenarios where login attempts need to mimic a specific user-agent or browser for testing purposes.

Arguments:

  • -M HTTP: Specifies the HTTP module to be used.
  • -h host: Specifies the target host IP address or hostname.
  • -u username: Specifies the username to be tested.
  • -p password: Specifies the password to be tested.
  • -m USER-AGENT:"Agent": Specifies the user-agent string to be used in the HTTP requests.

Example Output:

SUCCESS: Login successful with username 'admin' and password 'password' on the HTTP server.
FAILURE: Login attempt failed with the provided credentials.

Example 3: Brute Force MySQL Server with Usernames and Hash

medusa -M mysql -h host -U path/to/username_file -p hash -m PASS:HASH

Motivation: This example demonstrates how to perform a brute-force attack on a MySQL server using a file containing usernames and a given password hash. This can be useful when a password hash is known, and we want to find the corresponding plain text password.

Arguments:

  • -M mysql: Specifies the MySQL module for the attack.
  • -h host: Specifies the target host IP address or hostname.
  • -U path/to/username_file: Specifies the path to a file containing a list of usernames.
  • -p hash: Specifies the password hash to be tested.
  • -m PASS:HASH: Instructs Medusa to perform a hash-based attack, treating the password argument as a hash.

Example Output:

SUCCESS: Password hash '098f6bcd4621d373cade4e832627b4f6' corresponds to plain text password 'test123' in MySQL.
FAILURE: Could not find any matching plain text passwords for the provided hash.

Example 4: Brute Force List of SMB Servers with Username and Pwdump File

medusa -M smbnt -H path/to/hosts_file -C path/to/pwdump_file -u username -m PASS:HASH

Motivation: This example showcases how Medusa can be used to crack passwords for a list of SMB servers using a specific username and a pwdump file. This can be helpful in penetration testing scenarios to identify weak or easily guessable passwords.

Arguments:

  • -M smbnt: Specifies the SMB module for the attack.
  • -H path/to/hosts_file: Specifies the path to a file containing a list of SMB server hosts.
  • -C path/to/pwdump_file: Specifies the path to a pwdump file that contains captured password hashes.
  • -u username: Specifies the username to be used for authentication.
  • -m PASS:HASH: Instructs Medusa to treat the password argument as a hash for hash-based attacks.

Example Output:

SUCCESS: Successfully cracked password for the user 'admin' on SMB server '192.168.1.100'.
FAILURE: Unable to crack any passwords for the provided usernames.

In this article, we explored different use cases of Medusa, a versatile login brute-forcer tool, and provided detailed explanations of each use case. By utilizing Medusa’s various command-line options and modules, security professionals can conduct password strength assessments and test the security of different systems. However, it is important to note that using Medusa for any unauthorized activity is strictly illegal and unethical.

Related Posts

How to use the command `solo` (with examples)

How to use the command `solo` (with examples)

The solo command is designed to interact with Solo hardware security keys.

Read More
How to use the command compose (with examples)

How to use the command compose (with examples)

The compose command is an alias for the run-mailcap action “compose”.

Read More
How to use the command 'ansible-doc' (with examples)

How to use the command 'ansible-doc' (with examples)

The ‘ansible-doc’ command is a useful tool in Ansible that allows you to access documentation on modules and plugins installed in Ansible libraries.

Read More