Author: Pat

Pop3 Brute Force Cracker
9/19/2021
The figure below shows my results after testing the credentials on FileZilla.

What is Medusa

Medusa is a speedy, parallel, and modular login brute-forcer. The goal of Medusa is to brute-force credentials in as many protocols as possible, which eventually leads to remote code execution. Taking a closer look at Medusa, we can highlight three features that, in my opinion, are some of its key features.
These are:

Thread-based parallel testing: Refers to the possibility of brute-force testing against multiple hosts, users or passwords concurrently.

Flexible user input: Refers to taking the target information (host/user/password) that you collected during your information-gathering stage and using it as input, which helps Medusa do targeted rather than broad brute-forcing.

Modular design: An interesting property of Medusa is that each service module exists as an independent .mod file. This means that no modifications to the core application are necessary in order to extend the list of services supported for brute-forcing.

Now that you have a basic idea of the tool and the kind of features we are dealing with, it's time to go hands-on.

Installation of Medusa on Kali Linux

Fortunately for Kali users, Kali comes with Medusa pre-installed. On the Linux distribution, navigate to password cracking in the applications menu and you will find it there. If you don't have Medusa installed, run the following command in your terminal to install it:

    sudo apt-get install medusa

After a successful install, let's run it by typing:

    medusa

Once you run the medusa command, you will be presented with a screen explaining the Medusa syntax.

    Syntax: Medusa [-h host|-H file] [-u username|-U file] [-p password|-P file] [-C file] -M module [OPT]

The following are the options that are mostly used with Medusa.

    -M [TEXT] : Name of the module to execute (without the .mod extension)

With the syntax understood, this is what you will need to test and practice while using Medusa.

What you need: a target. In my case I'll use Metasploitable on my virtual machine. If you are using Metasploitable as a target, fire it up and start by checking for open ports using nmap, by running nmap followed by the IP address of the target machine. In my case:

    nmap 192.168.0.123

This will give you the list of open ports that we can use to exploit our target machine.
The figure below shows the open ports on my Metasploitable machine.

The following are the possible scenarios in which you can use Medusa:

1. Unknown username and password

Our first scenario assumes we have neither the username nor the password for our target, but we have an idea of what they might be, so we create two files. These files will contain all the possible usernames and passwords that we will pass to Medusa to try and crack. Then we open Medusa and run the following command:

    medusa -U (the location of your username file) -P (the location of your password file) -h (the host's IP address) -M (the service you want to use)

-M specifies the service that runs on the port you want to exploit. After running the command, we get a success showing the username and the password of my Metasploitable machine, as shown below.

2. Known username, no password

We can also have a known username, so that all we need to find is the password. In that case, all we need to do is come up with a list of all the possible passwords and run the following command:

    medusa -h 192.168.0.123 -u msfadmin -P /root/Documents/passwordlist.txt -M ftp

Since we have the username, we put it directly in the command, but with a lowercase -u; for the password, we give the location of our password file. After running the command, Medusa goes through all the passwords in your word list and tries to find a match for the given host and the specific username. The figure below shows the password that Medusa matched to my username.

3. Known password, no username

The other scenario is one where you have the password but not the username. Here you need a word list that contains all the possible usernames, and then you run the following command:

    medusa -h 192.168.0.123 -U /root/Documents/userlist.txt -p msfadmin -M ftp

Make sure you replace my target IP with your target IP and the location of my username file with yours.
After running the above command, Medusa goes through all the possible usernames and finds one that matches the host and the specific password. It gives you the username that goes with the password.

4. Multiple hosts

You can use Medusa to brute-force the login credentials of multiple hosts using the following command. All you'll need is the target IP address, the username, the password and the port number of the port you used.
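
From the defender's side, the scenarios above leave distinct traces in the FTP server's authentication log. The following is an added example, not part of the original post: it groups failed logins per client IP and labels the guessing pattern. It assumes vsftpd-style log lines; the sample log, the function name classify_sources and the window and threshold values are constructed for illustration.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample in vsftpd-style log format (assumed); not from the post.
SAMPLE_LOG = """\
Sun Sep 19 10:15:01 2021 [pid 2301] [msfadmin] FAIL LOGIN: Client "192.168.0.50"
Sun Sep 19 10:15:02 2021 [pid 2302] [msfadmin] FAIL LOGIN: Client "192.168.0.50"
Sun Sep 19 10:15:03 2021 [pid 2303] [msfadmin] FAIL LOGIN: Client "192.168.0.50"
Sun Sep 19 10:15:04 2021 [pid 2304] [msfadmin] FAIL LOGIN: Client "192.168.0.50"
Sun Sep 19 10:16:10 2021 [pid 2310] [root] FAIL LOGIN: Client "192.168.0.51"
Sun Sep 19 10:16:11 2021 [pid 2311] [admin] FAIL LOGIN: Client "192.168.0.51"
Sun Sep 19 10:16:12 2021 [pid 2312] [user] FAIL LOGIN: Client "192.168.0.51"
Sun Sep 19 10:16:13 2021 [pid 2313] [ftp] FAIL LOGIN: Client "192.168.0.51"
Sun Sep 19 10:17:20 2021 [pid 2320] [root] FAIL LOGIN: Client "192.168.0.52"
Sun Sep 19 10:17:21 2021 [pid 2321] [root] FAIL LOGIN: Client "192.168.0.52"
Sun Sep 19 10:17:22 2021 [pid 2322] [admin] FAIL LOGIN: Client "192.168.0.52"
Sun Sep 19 10:17:23 2021 [pid 2323] [admin] FAIL LOGIN: Client "192.168.0.52"
Sun Sep 19 10:18:05 2021 [pid 2330] [alice] FAIL LOGIN: Client "192.168.0.60"
Sun Sep 19 10:18:12 2021 [pid 2331] [alice] OK LOGIN: Client "192.168.0.60"
"""
LINE = re.compile(r'^(\w{3} \w{3} [ \d]\d [\d:]{8} \d{4}) \[pid \d+\] '
                  r'\[([^\]]*)\] (FAIL|OK) LOGIN: Client "([^"]+)"')

def classify_sources(log, window=timedelta(seconds=60), threshold=4):
    """Map client IP -> guessing pattern for bursts of >= threshold failures."""
    fails = defaultdict(list)  # ip -> [(timestamp, username)]
    for line in log.splitlines():
        m = LINE.match(line)
        if m and m.group(3) == "FAIL":
            ts = datetime.strptime(m.group(1), "%a %b %d %H:%M:%S %Y")
            fails[m.group(4)].append((ts, m.group(2)))
    alerts = {}
    for ip, events in fails.items():
        events.sort()
        best, start = [], 0
        for end in range(len(events)):  # sliding window, keep the largest burst
            while events[end][0] - events[start][0] > window:
                start += 1
            if end - start + 1 > len(best):
                best = events[start:end + 1]
        if len(best) >= threshold:
            users = {u for _, u in best}
            alerts[ip] = ("one username, many passwords" if len(users) == 1 else
                          "many usernames, one attempt each" if len(users) == len(best)
                          else "username list x password list")
    return alerts
```

The three labels correspond to scenarios 2, 3 and 1 in the text; a single mistyped password followed by a successful login, as from 192.168.0.60 in the sample, stays below the threshold and is not flagged.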