Medusa is described as a “speedy, massively parallel, modular, login brute-forcer” with modules available to support almost any service that allows remote authentication using a password, including: CVS, FTP, HTTP, IMAP, MS-SQL, MySQL, POP3, PostgreSQL, SMTP-AUTH, Telnet and VNC. Medusa has been designed to run faster than Hydra by using thread-based (rather than Hydra’s process-based) parallel testing to attempt to log in to multiple hosts or users concurrently.
Medusa 2.0 How-To
Download medusa-2.0.tar.gz to a suitable directory
Decompress the medusa tarball
Navigate to the resulting Medusa folder
Perform the usual Linux OS make-install procedure:
Getting a Wordlist
Put simply, Medusa works by contacting a service, such as a web login or FTP server, and attempting to log in using different usernames and passwords. To test the password strength of a particular user you need a wordlist containing all the passwords you want Medusa to try. You can find free and commercial wordlists at many places on the Internet, including the following:
Checkout this page for some good wordlists!
You can also generate your own wordlists by using an existing wordlist and applying “mangling” rules, such as substituting “@” for “a” or adding digits to the start or end of each word. Tools such as the multi-platform open source software John the Ripper allow you to do this. Get it Here: http://adf.ly/5125752/john-the-ripper
Medusa is a command-line only tool, so using this open source software is a matter of building up an instruction from the command line. Let’s imagine we want Medusa to connect to a network router at IP address 192.168.1.1 using the default username “admin”, to test how easy it would be to find the password. To do this, we will use the wordlist hugewordlist.txt (mentioned earlier). Since we know that the router administrator has a dog called Fido and two children called Alice and Bob, it’s worth adding these names to the beginning of the hugewordlist.txt textfile, along with the company name, and other site specific words…
To use Medusa, the following must be specified:
The host “192.168.1.1” to connect to, using the -h switch
The user name “admin” to connect with, using the -u switch
The name of the textfile containing the list of passwords to try, using the -P switch
The module to use for the service we are contacting (in this case http) using the -M switch
So the command we must use is:
medusa -h 192.168.1.1 -u “admin” -P c:/file/directory/hugewordlist.txt -M http
On my sample network, Medusa was able to test about 2,000 passwords per minute.
What happens if you want to test the passwords of many different users, instead of a single fixed username such as “admin”?
You would load a username file, just like you did a password file.
If Medusa is able to find any passwords, it is wise to check if they conform to your password policy. If so, then your password policy must be tightened. If not, then you may decide to contact the users concerned to highlight the risks of using bad passwords that breach your security policy and ensure that the passwords in question are changed.
More Information on Medusa
To see a list of all the possible switches, simply enter
To display the service modules are installed, type
More examples of Medusa’s command-line options are available, but the best way to learn how use it is simply to download it and start using it.