Medusa
Description¶
This module implements attacking capabilities of the Medusa bruteforce tool.
Prerequisites¶
Medusa must be installed.
Input parameters¶
target
¶
Bruteforce target.
Name | Type | Required | Default value | Example value |
---|---|---|---|---|
target |
string | ✓ | 127.0.0.1 |
mod
¶
mod (service) to attack.
Name | Type | Required | Default value | Example value |
---|---|---|---|---|
mod |
string | ✗ | ssh |
ftp |
tasks
¶
Number of login pairs tested concurrently.
Name | Type | Required | Default value | Example value |
---|---|---|---|---|
tasks |
integer | ✗ | 4 |
8 |
options
¶
Additional Medusa parameters.
Name | Type | Required | Default value | Example value |
---|---|---|---|---|
options |
string | ✗ | -t 3 |
credentials
¶
Group for credentials input.
Name | Type | Required | Default value | Example value |
---|---|---|---|---|
credentials |
object | ✓ | {"combo_file": "/path/to/file"} |
Specify either combo_file
or one of each username (username
/username_file
) and password (password
/password_file
) parameters:
username
¶
Username to bruteforce.
Name | Type | Required | Default value | Example value |
---|---|---|---|---|
username |
string | ✗ | username |
username_file
¶
Absolute path to file with usernames to bruteforce.
Name | Type | Required | Default value | Example value |
---|---|---|---|---|
username_file |
string | ✗ | /path/to/file |
password
¶
Password to bruteforce.
Name | Type | Required | Default value | Example value |
---|---|---|---|---|
password |
string | ✗ | password |
password_file
¶
Absolute path to file with passwords to bruteforce.
Name | Type | Required | Default value | Example value |
---|---|---|---|---|
password_file |
string | ✗ | /path/to/file |
combo_file
¶
Absolute path to file with login pairs to bruteforce. The file should be in format username:password
. More information can be found here.
Name | Type | Required | Default value | Example value |
---|---|---|---|---|
combo_file |
string | ✗ | /path/to/file |
command
¶
Medusa command to run with syntax as in command line (with executable).
Name | Type | Required | Default value | Example value |
---|---|---|---|---|
command |
string | ✓ | medusa -u user -p pass -h <target> -M ssh |
Examples¶
SSH bruteforce¶
Input:
module_arguments:
target: CHANGE_ME
raw_output: true
credentials:
username: vagrant
password: vagrant
tasks: 4
Output:
{
"result": "ok",
"output": "Medusa v2.2 [http://www.foofus.net] (C) JoMo-Kun / Foofus Networks <jmk@foofus.net>\n\nACCOUNT CHECK: [ssh] Host: 192.168.56.3 (1 of 1, 0 complete) User: vagrant (1 of 1, 0 complete) Password: vagrant (1 of 1 complete)\nACCOUNT FOUND: [ssh] Host: 192.168.56.3 User: vagrant Password: vagrant [SUCCESS]\n",
"serialized_output": {"username": "vagrant", "password": "vagrant", "all_credentials": [{"username": "vagrant", "password": "vagrant"}]}
}
Custom command¶
Input:
module_arguments:
command: medusa -t 4 -u vagrant -p vagrant -h <target> -M ssh
Output:
{
"result": "ok",
"output": "Medusa v2.2 [http://www.foofus.net] (C) JoMo-Kun / Foofus Networks <jmk@foofus.net>\n\nACCOUNT CHECK: [ssh] Host: 192.168.56.3 (1 of 1, 0 complete) User: vagrant (1 of 1, 0 complete) Password: vagrant (1 of 1 complete)\nACCOUNT FOUND: [ssh] Host: 192.168.56.3 User: vagrant Password: vagrant [SUCCESS]\n",
"serialized_output": {"username": "vagrant", "password": "vagrant", "all_credentials": [{"username": "vagrant", "password": "vagrant"}]}
}
Troubleshooting¶
So far so good.
Output serialization¶
Only the credentials are serialized. They're parsed from the output.
serialized_output
contains:
Parameter name | Parameter description |
---|---|
username |
First username found during bruteforce. |
password |
First password found during bruteforce. |
all_credentials |
List of dictionaries containing all the credentials found in bruteforce. |