BackTrack 5 R1
medusa -h (IP Address) -u (Username) -P (Location of password file) -M telnet -t1 -f -e ns
root@bt:~# medusa -h 192.168.0.1 -u admin -P /pentest/passwords/wordlists/darkc0de.lst -M rlogin -t1 -f -e ns
Modules you can use instead of telnet (default port shown where there is one):
ftp – 21
http – 80
imap – 143
mssql – 1433
mysql – 3306
ncp – 524
nntp – 119
pcanywhere – 5631
pop3 – 110
postgres – 5432
rexec – 512
rlogin – 513
rsh – 514
smbnt
smtp – 25
smtp-vrfy
snmp – 161
ssh – 22
svn – 3690
telnet – 23
vmauthd
vnc – 5900
web-form
wrapper
Module location:
/usr/local/lib/medusa/modules/
Medusa usage output:
Medusa v2.0 [http://www.foofus.net] (C) JoMo-Kun / Foofus Networks <jmk@foofus.net>
ALERT: User logon information must be supplied.
Syntax: Medusa [-h host|-H file] [-u username|-U file] [-p password|-P file] [-C file] -M module [OPT]
-h [TEXT] : Target hostname or IP address
-H [FILE] : File containing target hostnames or IP addresses
-u [TEXT] : Username to test
-U [FILE] : File containing usernames to test
-p [TEXT] : Password to test
-P [FILE] : File containing passwords to test
-C [FILE] : File containing combo entries. See README for more information.
-O [FILE] : File to append log information to
-e [n/s/ns] : Additional password checks ([n] No Password, [s] Password = Username)
-M [TEXT] : Name of the module to execute (without the .mod extension)
-m [TEXT] : Parameter to pass to the module. This can be passed multiple times with a
            different parameter each time and they will all be sent to the module (i.e.
            -m Param1 -m Param2, etc.)
-d : Dump all known modules
-n [NUM] : Use for non-default TCP port number
-s : Enable SSL
-g [NUM] : Give up after trying to connect for NUM seconds (default 3)
-r [NUM] : Sleep NUM seconds between retry attempts (default 3)
-R [NUM] : Attempt NUM retries before giving up. The total number of attempts will be NUM + 1.
-t [NUM] : Total number of logins to be tested concurrently
-T [NUM] : Total number of hosts to be tested concurrently
-L : Parallelize logins using one username per thread. The default is to process
     the entire username before proceeding.
-f : Stop scanning host after first valid username/password found.
-F : Stop audit after first valid username/password found on any host.
-b : Suppress startup banner
-q : Display module's usage information
-v [NUM] : Verbose level [0 - 6 (more)]
-w [NUM] : Error debug level [0 - 10 (more)]
-V : Display version
-Z [TEXT] : Resume scan based on map of previous scan
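
Seen from the target's side, the command above (-u admin, -t1, -f) appears as a run of sequential failed logins for one account from one source, ending at the first accepted login. The Python below is an added example, not part of the original notes or of Medusa, that flags that pattern. It assumes OpenSSH-style syslog lines; the sample log, the source addresses in it and the name find_guessing_runs are constructed for illustration.

```python
import re
from collections import defaultdict

# Constructed sample: six failures for "admin" from one source, then a
# success, plus one ordinary mistyped password for another user.
SAMPLE_LOG = "\n".join(
    [f"Jan 10 03:14:{s:02d} srv sshd[900]: Failed password for admin "
     f"from 192.168.0.50 port {40000 + s} ssh2" for s in range(6)]
    + ["Jan 10 03:14:06 srv sshd[900]: Accepted password for admin "
       "from 192.168.0.50 port 40006 ssh2",
       "Jan 10 09:00:01 srv sshd[950]: Failed password for alice "
       "from 192.168.0.77 port 51000 ssh2",
       "Jan 10 09:00:09 srv sshd[950]: Accepted password for alice "
       "from 192.168.0.77 port 51001 ssh2"]
)

# Assumed log source: OpenSSH password-authentication messages.
LINE = re.compile(r"sshd\[\d+\]: (Failed|Accepted) password for "
                  r"(?:invalid user )?(\S+) from (\S+) port \d+")

def find_guessing_runs(log_text, min_failures=5):
    """Return one finding per (source, user) with a run of at least
    min_failures consecutive failed logins. 'compromised' is True when
    such a run ends in an accepted login, which is how a dictionary run
    stopped by -f looks in the server's log."""
    streak = defaultdict(int)  # (source, user) -> current failure run
    findings = {}
    for line in log_text.splitlines():
        m = LINE.search(line)
        if not m:
            continue
        outcome, user, source = m.groups()
        key = (source, user)
        if outcome == "Failed":
            streak[key] += 1
            if streak[key] >= min_failures:
                f = findings.setdefault(key, {"source": source, "user": user,
                                              "failures": 0, "compromised": False})
                f["failures"] = max(f["failures"], streak[key])
        else:
            if streak[key] >= min_failures:
                findings[key]["compromised"] = True  # guess succeeded
            streak[key] = 0  # a success ends the run
    return list(findings.values())

if __name__ == "__main__":
    for finding in find_guessing_runs(SAMPLE_LOG):
        print(finding)
```

A finding with compromised set to True means the account's password should be treated as known to the source and reset.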