Medusa: A Comprehensive Guide to Password Cracking and Bruteforce Tools
Medusa is a popular and powerful password-cracking tool used by security professionals and ethical hackers to conduct brute-force and dictionary attacks on various network protocols. With the capability to attack different protocols such as SSH, FTP, HTTP, Telnet, and others, Medusa is widely used for penetration testing and auditing the strength of passwords in a given network.
This article will explore the features and capabilities of Medusa, including how to use it to crack passwords, attack specific ports, and more. Additionally, we will cover detailed output analysis and explain the various commands and options available within Medusa.
1. Password Cracking for Specific Username
One of Medusa’s most useful features is the ability to target a specific username while cracking the password. This is especially useful when you have a list of potential usernames, and you want to check which password is associated with each.
medusa -h <hostname> -u <username> -P <password-list> -M <protocol>
- -h <hostname>: Specifies the target machine (IP address or hostname).
- -u <username>: The username you want to target.
- -P <password-list>: A list of passwords that Medusa will attempt.
- -M <protocol>: The protocol used for the attack, such as ssh, ftp, http, etc.
This command would initiate a brute-force attack on the specified username for the selected protocol.
2. Username Cracking for Specific Password
In contrast to targeting a specific username, Medusa can also be used to crack usernames when a known password is suspected. This is ideal for scenarios where you know a password (e.g., a company-wide default password) but aren’t sure which user accounts are using it.
medusa -h <hostname> -p <password> -U <username-list> -M <protocol>
- -h <hostname>: The target machine.
- -p <password>: The single known or suspected password to test.
- -U <username-list>: A list of usernames to try.
- -M <protocol>: The protocol for the brute-force attack.
This command will attempt the specified password against every username in the given list for the chosen protocol.
3. To Crack Login Credentials
Cracking login credentials requires both the username and password. Medusa’s flexibility allows it to run attacks against many protocols simultaneously, testing credentials against remote services to find valid logins.
medusa -h <hostname> -U <username-list> -P <password-list> -M <protocol>
- -h <hostname>: Target server.
- -U <username-list>: A list of usernames.
- -P <password-list>: A list of passwords.
- -M <protocol>: Protocol for login credentials (e.g., ssh, ftp).
This will try all combinations of the usernames and passwords against the specified protocol, performing a brute-force login attempt.
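From the defender's side, the three modes in sections 1 to 3 leave different shapes in authentication logs. The Python sketch below is an added example, not part of Medusa or of the original article; it assumes OpenSSH-style "Failed password" and "Accepted password" log lines, and the function name, threshold and sample lines are constructed for illustration.

```python
import re
from collections import defaultdict

FAILED = re.compile(r"Failed password for (?:invalid user )?(\S+) from (\S+) port")
ACCEPTED = re.compile(r"Accepted password for (\S+) from (\S+) port")

def classify_sources(log_text, min_failures=4):
    """Map each source IP to the guessing pattern its failed logins suggest."""
    failures = defaultdict(lambda: defaultdict(int))  # ip -> user -> failed count
    logged_in = defaultdict(set)                      # ip -> users with a success
    for line in log_text.splitlines():
        if m := FAILED.search(line):
            failures[m.group(2)][m.group(1)] += 1
        elif m := ACCEPTED.search(line):
            logged_in[m.group(2)].add(m.group(1))
    verdicts = {}
    for ip, per_user in failures.items():
        if sum(per_user.values()) < min_failures:
            continue  # a few failures look like typos, not guessing
        if len(per_user) == 1:
            kind = "single-user guessing"      # section 1: one user, many passwords
        elif max(per_user.values()) == 1:
            kind = "password spray"            # section 2: one password, many users
        else:
            kind = "user/password matrix"      # section 3: lists on both sides
        if logged_in[ip] & set(per_user):
            kind += ", login succeeded"        # a targeted account also logged in
        verdicts[ip] = kind
    return verdicts

def _line(result, user, ip):
    # Builds one constructed sshd-style line; host name, PID and port are made up.
    return f"Jan 10 10:00:00 srv sshd[101]: {result} password for {user} from {ip} port 40000 ssh2"

# Constructed sample input (documentation-range IPs), not real log data.
SAMPLE_LOG = "\n".join(
    [_line("Failed", "root", "203.0.113.5")] * 5
    + [_line("Accepted", "root", "203.0.113.5")]
    + [_line("Failed", u, "198.51.100.7") for u in ("alice", "bob", "carol", "invalid user dave")]
    + [_line("Failed", u, "192.0.2.9") for u in ("alice", "alice", "bob", "bob")]
    + [_line("Failed", "erin", "192.0.2.50")]
)

if __name__ == "__main__":
    for ip, verdict in classify_sources(SAMPLE_LOG).items():
        print(ip, "->", verdict)
```

The per-source counts are a heuristic: a source flagged with "login succeeded" is the one to triage first, since it means a targeted account authenticated from the same address.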
4. Brute Force on Multiple Hosts
Medusa can test multiple hosts in parallel. This feature is useful when testing several machines at once, such as in a corporate network or a testing environment.
medusa -H <hostlist-file> -U <username-list> -P <password-list> -M <protocol>
- -H <hostlist-file>: A file containing a list of target hosts (one per line).
- -U <username-list>: A file containing usernames.
- -P <password-list>: A file containing passwords.
- -M <protocol>: Specifies the protocol (e.g., ssh, ftp, etc.).
This command will execute a brute-force attack on all hosts listed in the file, attempting all combinations of usernames and passwords.
5. To Attack a Specific Port Rather Than the Default
Medusa allows users to specify a custom port number for the target service instead of using the default port. This is useful if the target service is running on a non-standard port.
medusa -h <hostname> -n <port> -u <username> -P <password-list> -M <protocol>
- -n <port>: The non-default TCP port number to connect to.
- -u <username>: The username.
- -P <password-list>: The password list.
- -M <protocol>: The protocol.
By using this command, you can target a service running on a non-default port for brute-force attempts.
6. Additional Password Checks (Null/Same)
Medusa allows you to check for empty or identical passwords. This can be useful for identifying weak or poorly configured accounts that may have no password or the same password as the username.
medusa -h <hostname> -u <username> -P <password-list> -M <protocol> -e ns
- -e ns: Enables the additional checks: n for the null password check (blank password) and s for the identical password check (password equals username). Either can be given alone as -e n or -e s.
This allows Medusa to test empty and simple passwords alongside more complex ones.
7. To Save Logs in a File
It is often important to save the output of a brute-force attack for further analysis. Medusa allows you to save the logs to a file.
medusa -h <hostname> -U <username-list> -P <password-list> -M <protocol> -O <output-file>
- -O <output-file>: Specifies the file to which the log information is appended.
Using this command, you can easily save the attack results for later review.
8. Stop on Success
Medusa offers the option to stop the attack once a valid login is found. This can save time by terminating further attempts once the correct credentials have been identified.
medusa -h <hostname> -U <username-list> -P <password-list> -M <protocol> -f
- -f: Stop scanning the host as soon as a valid login is found. Use -F instead to stop the whole audit after the first valid login on any host.
This command is helpful when you only need to verify one set of credentials, rather than continuing the attack indefinitely.
9. To Suppress Start-up Banner
Medusa has an option to suppress the start-up banner that is normally printed when the tool is executed. The banner is local console output only, so suppressing it tidies the output for scripts and saved logs; it does not change the login attempts that the target and its security monitoring systems see.
medusa -h <hostname> -U <username-list> -P <password-list> -M <protocol> -b
- -b: Suppress the start-up banner.
This is useful when the tool's output is being parsed or archived.
10. Verbose Mode
Verbose mode increases the level of detail displayed during an attack, providing more information about what the tool is doing in real-time. This is useful for monitoring progress or diagnosing issues.
medusa -h <hostname> -U <username-list> -P <password-list> -M <protocol> -v <level>
- -v <level>: Set the verbose level (0 to 6; higher values show more detail).
This option will print out additional information during the attack, including status updates, attempted logins, and errors.
11. Error Debug Level
Medusa allows for a higher debug level for error messages, providing more insight into any issues that occur during the brute-force process.
medusa -h <hostname> -U <username-list> -P <password-list> -M <protocol> -w <level>
- -w <level>: Specify the error debug level (0 to 10; higher values show more detail).
This command will show more detailed error messages based on the debug level you set.
12. Using Combo Entries
Medusa supports combo entries, where the username and password are in the same list. This is convenient if you want to test combinations where the username and password might be the same or are directly related.
medusa -h <hostname> -C <combo-list> -M <protocol>
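- -C <combo-list>: A file containing combo entries, one per line, with colon-separated fields in the form host:username:password. A field left empty (for example :username:password) is taken from the command line, here the host given with -h.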
This command allows you to perform a brute-force attack using a combined list of usernames and passwords.
13. Concurrent Testing on Multiple Logins
Medusa can also perform concurrent testing, which means attempting multiple login combinations simultaneously. This is helpful for speeding up attacks when you have a list of usernames and passwords.
medusa -h <hostname> -U <username-list> -P <password-list> -M <protocol> -t <threads>
- -t <threads>: Specifies the number of concurrent threads to use during the attack.
This option enables faster testing by running multiple attempts at once, making the attack more efficient.
14. Display Module Usage Information
To get detailed information about the usage of specific Medusa modules, you can use the following command. This is useful when you need help understanding which modules are available and how to use them.
medusa -M <protocol> -q
- -M <protocol>: Specifies the module (protocol).
- -q: Displays usage information for the specified module. To list the modules that are available, run medusa -d.
This command provides details on the available options and configurations for a specific module.