Medusa is a fast password cracker for various network protocols: FTP, HTTP, IMAP, MS-SQL, SMB, POP3, SSH, RLOGIN, and others. For the complete list, visit the official website of the project.
One of the most immediate uses is to help network administrators recover credentials (passwords) that may have been lost for the initial configuration page of a modem/wireless router.
Other common uses include recovering credentials for forums, websites, and email accounts, passwords of clients connected to the LAN, and so on.
This tool is installed by default in Linux distributions such as BackTrack, a distro dedicated to penetration testing, so I will explain the options for installing and using it on Ubuntu.
NOTE: Before continuing, make sure the "Proposed" and "Backports" repositories are NOT enabled in Synaptic.
sudo dpkg --configure -a && sudo apt-get install -f && sudo apt-get update
sudo apt-get install linux-headers-$(uname -r) build-essential make patch subversion openssl libssl-dev libncp-dev libpq-dev libgcrypt11-dev libgnutls-dev libsvn-dev zlib1g-dev libssh2-1-dev libnl-dev gettext autoconf tcl8.5 libpcap0.8-dev python-scapy python-dev cracklib-runtime macchanger-gtk tshark ethtool
sudo apt-get install medusa
cd /opt
sudo wget http://www.foofus.net/jmk/tools/medusa-2.1.1.tar.gz -O - | sudo tar -xvz
cd medusa*
./configure
sudo make && sudo make install
To view the available modules and options type the following command:
medusa -q
Identify the target (network/access point) using the Aircrack-ng suite.
(for the first test choose an AP with OPEN encryption)
Connect to the Network (Access Point)
Get the IP address of the LAN Network and Gateway.
Run Medusa or Hydra with a wordlist/dictionary to "bruteforce" the initial configuration (login) page of the "target" router.
Let's run a test for educational purposes on our own wireless network, assuming we have forgotten the login credentials for the main/setup page of our modem router.
After connecting to the access point, we obtain the first piece of information we need, which is the primary IP address of the router and the gateway to which we are connected:
route -n
In response, you will see the various IP (network) addresses of the LAN to which you are currently connected.
Having obtained the IP address of the gateway (in this example 192.168.1.1), let's see how Medusa can help us.
medusa -h 192.168.1.1 -U ~/hacking/user-router.txt -P ~/hacking/psw-router.txt -M http -t 1 -e ns -f -v 4
[medusa -h "Target_IP_Address" -U "User_Names_File" -P "Path_To_Passwords_File" -M "Module_Protocol"]
Let the program "work"; if everything succeeds, the shell will display the parameters needed for access: the user name and password.
To verify the credentials obtained (username and password), launch your favorite Internet browser and type the router's IP address (primary address) in the address bar to open its default page, which in our example is 192.168.1.1.
When the initial login page appears, enter the "username" and "password" previously obtained using Medusa.
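The same run seen from the defending side, as an added example that is not part of the original post: a detector for a burst of HTTP 401 responses to one client, followed by a 200, in an access log. It assumes the router (or a proxy in front of it) writes Common Log Format lines that include the Basic-auth user name; the `detect` function, its thresholds and the sample log lines are constructed for illustration.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Common Log Format: host ident authuser [time] "request" status bytes
CLF = re.compile(r'(\S+) \S+ (\S+) \[([^\]]+)\] "[^"]*" (\d{3}) \S+')

def detect(lines, max_failures=5, window=timedelta(seconds=60)):
    """Map each source IP that produced >= max_failures 401s within `window`
    to the usernames it tried and the account that then succeeded, if any."""
    recent = defaultdict(list)      # source -> [(time, user)] of recent 401s
    findings = {}
    for line in lines:
        m = CLF.match(line)
        if not m:
            continue                # skip lines that are not CLF
        src, user, ts, status = m.groups()
        when = datetime.strptime(ts, "%d/%b/%Y:%H:%M:%S %z")
        # Slide the window: forget failures older than `window`.
        recent[src] = [(t, u) for t, u in recent[src] if when - t <= window]
        if status == "401":
            recent[src].append((when, user))
            if len(recent[src]) >= max_failures:
                hit = findings.setdefault(src, {"users": set(), "succeeded_as": None})
                hit["users"].update(u for _, u in recent[src])
        elif status == "200" and src in findings and recent[src] and user != "-":
            # A 200 while the failure burst is still inside the window:
            # one of the guessed pairs was accepted.
            findings[src]["succeeded_as"] = user
    return findings

def _line(src, user, second, status):
    # Constructed sample data, not taken from a real device.
    return (f'{src} - {user} [05/Nov/2008:10:00:{second:02d} +0000] '
            f'"GET / HTTP/1.1" {status} 512')

SAMPLE_LOG = (
    [_line("192.168.1.20", "admin", 0, 401),       # one mistyped password ...
     _line("192.168.1.20", "admin", 5, 200)]       # ... then a normal login
    + [_line("192.168.1.50", u, 10 + i, 401)       # sequential guesses, one thread
       for i, u in enumerate(["admin", "admin", "root", "root", "user", "user"])]
    + [_line("192.168.1.50", "admin", 16, 200)]    # first accepted pair
)

if __name__ == "__main__":
    for src, hit in detect(SAMPLE_LOG).items():
        print(src, sorted(hit["users"]), "->", hit["succeeded_as"])
```

A single-threaded run (`-t 1`) is slow but still trips a per-source threshold; a non-empty `succeeded_as` means the account's password should be changed, not just the source blocked.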
Another program of the same "family" that is equally effective is Hydra, which also has a version with a convenient graphical user interface (GUI), called Xhydra.
To be used effectively, Medusa requires a valid password file (dictionary/wordlist), so for your initial testing you can download these optimized dictionaries, containing the "username" and "password" of the most common modems/routers on the market.
- For convenience, place the dictionaries in your work directory, which is where you run the program.
- Do not use huge dictionaries; those posted are already optimized with the "user" and "password" of the most common routers.
Medusa project Website:
Foofus.net
Enjoy, Jano
Written: 05/Nov/2008