• home
  • drivers & patch
  • tutorials
  • pentest-tools
  • wordlists
    • wordlists-tools
  
Tweet My status    Share

Install Medusa Password Cracker


Installing Medusa Password Cracker

Medusa is a fast Password Cracker of various network protocols, FTP, HTTP, IMAP, MS-SQL, SMB, POP3, SSH, RLOGIN, etc.. etc.., for complete list, visit the official Website of the project.

One of the most immediate use is to assist network administrators for "recovery" the credentials (password) to access may have been lost in the first configuration page of modem/wireless router.

Other most common uses are: the recovery of credentials including access to forums, websites, email accounts, passwords of clients connected to the LAN, etc.. etc..

This tool is already installed by default in the Linux distribution like BackTrack, distro dedicated to penetration testing, so I will explain the options to install it and use on Ubuntu.


NOTE: Follow one of this two types of installation: Repositories or by compiling the source code

Installing Medusa Password Cracker from Ubuntu repository through Synaptic
(first option)

First update your OS and install these ESSENTIAL and recommended package

NOTE: Before continuing, make sure NOT to be active in Synaptic the repository "Proposed" and "Backports"


Copy sudo dpkg --configure -a && sudo apt-get install -f && sudo apt-get update Copy sudo apt-get install linux-headers-$(uname -r) build-essential make patch subversion openssl libssl-dev libncp-dev libpq-dev libgcrypt11-dev libgnutls-dev libsvn-dev zlib1g-dev libssh2-1-dev libnl-dev gettext autoconf tcl8.5 libpcap0.8-dev python-scapy python-dev cracklib-runtime macchanger-gtk tshark ethtool
Copy sudo apt-get install medusa

Compile the latest version of Medusa Password Cracker on Ubuntu
[RECOMMENDED OPTION]


Copy cd /opt Copy sudo wget http://www.foofus.net/jmk/tools/medusa-2.1.1.tar.gz -O - | sudo tar -xvz Copy cd medusa* Copy ./configure Copy sudo make && sudo make install

To view the available modules and options type the following command:


Copy medusa -q

How to use Medusa

Preliminary step before using Medusa

  • Identify the target (Network/Access Point) using the suite of Aircrack-ng.
    (for the first test choose an AP with OPEN encryption)

  • Connect to the Network (Access Point)

  • Get the IP address of the LAN Network and Gateway.

  • Execute Medusa or Hydra using a wordlists/dictionaries for "bruteforce" the initial configuration page of (Log-in) the Router "target".


Let's do a test for educational purposes testing our wireless network, assuming you have forgotten your login credentials to the main page/setup of our modem router.

After connecting to the Access Point, we obtain the first information we need, which is the primary IP address of the router and the Gateway to which we are connected:


Copy route -n

And in response, you will have the display of the various IP (network address) of the LAN to which you are currently connected.


bruteforce router key con with medusa password cracker

Obtained IP address of the Gateway (in this example 192.168.1.1) we see how we can help Medusa.


Copy medusa -h 192.168.1.1 -U ~/hacking/user-router.txt -P ~/hacking/psw-router.txt -M http -t 1 -e ns -f -v 4 [medusa -h "Target_IP_Address" -U "User_Names_File" -P "Path_To_Passwords_File" -M "Module_Protocol"]

Let "work" the program and if everything is successful, the shell will display the parameters needed for access --> User name and password.


crack password con medusa

To verify the credentials obtained, (username and password) launch your favorite Internet browser and type in the address bar the IP address (primary address) to invoke the default page of your router, which in our example will be the 192.168.1.1


crack router password con medusa

When presented the initial Log-In page, enter the "username" and "password" previously obtained using Medusa:


Medusa cracking tool

Another program of the same "family" and is equally effective is Hydra, of which there is also a version with a convenient graphical user interface (GUI), called Xhydra.

Medusa, to be used effectively, requires a valid password file (dictionary/wordlist), so for your initial testing, you can download these optimized dictionaries, containing the "username" and "password" of the most common modem/router on the market.

Dictionary/wordlist for Medusa or Xhydra:

[ ]Default router password/wordlist for Medusa & Hydra

Suggestions:

- For convenience, place the dictionaries in your work directory, which is where you run the program.

- Do not use huge dictionaries, those posted are already optimized with "user" and "password" of the most common routers.


Medusa project Website: Foofus.net


Enjoy, Jano

Written: 05/Nov/2008
Updated: 06/Jul/2012
Disclaimer


Ubuntu Logo
Aircrack-ng Logo


 In this Site & Aircrack-ng
To support this site


©2010-2012 JanoWeb.NET | All Rights Reserved | Terms & Policy |
Valid XHTML 1.0 TransitionalValid CSS 3Creative Commons Licenses WebSite Reputation