Install Medusa Password Cracker
Medusa is a fast Password Cracker of various network protocols, FTP, HTTP, IMAP, MS-SQL, SMB, POP3, SSH, RLOGIN, etc.. etc.., for complete list, visit the official Website of the project.
One of the most immediate use is to assist network administrators for "recovery" the credentials (password) to access may have been lost in the first configuration page of modem/wireless router.
Other most common uses are: the recovery of credentials including access to forums, websites, email accounts, passwords of clients connected to the LAN, etc.. etc..
This tool is already installed by default in the Linux distribution like BackTrack, distro dedicated to penetration testing, so I will explain the options to install it and use on Ubuntu.
NOTE: Follow one of this two types of installation: Repositories or by compiling the source code
Installing Medusa from Ubuntu repository through Synaptic
First update your OS and install these ESSENTIAL and recommended package
NOTE: Before continuing, make sure NOT to be active in Synaptic the repository "Proposed" and "Backports"
Code:Installing Medusa Password Cracker from Ubuntu repository through Synaptic
(first option)
Code:
Compile the latest version of Medusa Password Cracker on Ubuntu
[RECOMMENDED OPTION]
Code:
To view the available modules and options type the following command:
Code:How to use Medusa
Preliminary step before using Medusa
-
Identify the target (Network/Access Point) using the suite of Aircrack-ng.
(for the first test choose an AP with OPEN encryption) -
Connect to the Network (Access Point)
-
Get the IP address of the LAN Network and Gateway.
-
Execute Medusa or Hydra using a wordlists/dictionaries for "bruteforce" the initial configuration page of (Log-in) the Router "target".
Let's do a test for educational purposes testing our wireless network, assuming you have forgotten your login credentials to the main page/setup of our modem router.
After connecting to the Access Point, we obtain the first information we need, which is the primary IP address of the router and the Gateway to which we are connected:
Code:And in response, you will have the display of the various IP (network address) of the LAN to which you are currently connected.
Obtained IP address of the Gateway (in this example 192.168.1.1) we see how we can help Medusa.
Code:Let "work" the program and if everything is successful, the shell will display the parameters needed for access --> User name and password.
To verify the credentials obtained, (username and password) launch your favorite Internet browser and type in the address bar the IP address (primary address) to invoke the default page of your router, which in our example will be the 192.168.1.1
When presented the initial Log-In page, enter the "username" and "password" previously obtained using Medusa:
Another program of the same "family" and is equally effective is Hydra, of which there is also a version with a convenient graphical user interface (GUI), called Xhydra.
Medusa, to be used effectively, requires a valid password file (dictionary/wordlist), so for your initial testing, you can download these optimized dictionaries, containing the "username" and "password" of the most common modem/router on the market.
Dictionary/wordlist for Medusa or Xhydra:
![[ ]](/icons/tar.png){kind=icon}
Default router password/wordlist for Medusa & Hydra
NOTE:
For convenience, place the dictionaries in your "work" directory, that is where you run the program.
SUGGESTION:
Not too cumbersome dictionaries, those posted, are already optimized with "use"r and "password" of the most common routers used in Italy.
Medusa project Website:
Foofus.net
Enjoy, Jano
Written: 05/Nov/2008Updated: 19/Gen/2012
Disclaimer
Italian version: Installazione di Medusa Password Cracker
