Kali Linux: Password Cracking using Medusa

Today, we are going to demonstrate how to implement a password cracking attack using a Kali Linux tool called “Medusa.” Password cracking is an attack that involves attempting multiple credentials on a target server’s service until the correct credentials are obtained. In this demonstration, we will be using Metasploitable2 as our target server, which is located in the same local network as our Kali Linux machine. We will outline the implementation process in three steps.

Step 1 : Identifying services on the target server

To identify the services available on our target server, we will be using the nmap tool. Based on the captured information below, we can observe that the target server has multiple open ports. For our password cracking attack, we will primarily focus on the FTP service, as port 21 is open.

[Screenshot: nmap port scan result]

Step 2 : Generating a wordlist

A wordlist is a list of potential password combinations that will be used for attempting connections on the target server. We will utilize the ‘crunch’ tool to generate our wordlist. In this case, the generated wordlist will be used for both the login and password attempts.

The wordlist we generate will consist of combinations of the letters a, d, f, i, m, n, and s, with both the minimum and the maximum length set to 8 characters. The output will be saved in the ‘wordlist.lst’ file.

# crunch 8 8 adfimns -o wordlist.lst

[Screenshot: Wordlist generation]

When checking the contents of the wordlist.lst file, we can observe that random words have been generated.

# head -10 wordlist.lst

[Screenshot: Checking the wordlist generated]

Step 3 : Password Cracking using medusa

To familiarize yourself with all the options of Medusa, you can enter the command ‘man medusa’. For our current test, we will be using ‘192.168.3.57’ as the IP address of our target server, ‘msfadmin’ as the login of the FTP server, and ‘wordlist.lst’ as the file containing the potential password combinations to be used in our attack. The implementation is outlined below.

# medusa -h 192.168.3.57 -u msfadmin -P wordlist.lst -M ftp

After multiple attempts, the correct password is found, and the attack can be stopped. One significant disadvantage of this attack is that it is time-consuming since Medusa must test the different potential passwords in the wordlist in ascending order until it finds the correct password.

[Screenshot: medusa password found]

Conclusion

In this post, we explored how to perform a password cracking attack using the Kali Linux tool called Medusa. While knowing how to implement this type of attack is valuable, it is even better to prevent it. Therefore, some techniques to mitigate this attack include avoiding the use of simple passwords that can be found in dictionaries or easily generated, and configuring the server to enforce limitations on the number of credential attempts.
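To support the mitigation side, here is an added example (not from the original post) that flags the burst of failed FTP logins produced in Step 3 and notes when a success follows it. It assumes the FTP server writes vsftpd-style log lines; the sample lines, the source address 192.168.3.10, and the threshold and window values are constructed for illustration.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Assumed vsftpd-style format: <date> [pid N] [user] OK|FAIL LOGIN: Client "ip"
LINE_RE = re.compile(
    r'^(?P<ts>\w{3} \w{3} [ \d]\d \d\d:\d\d:\d\d \d{4}) \[pid \d+\] '
    r'\[(?P<user>[^\]]*)\] (?P<result>OK|FAIL) LOGIN: Client "(?P<ip>[^"]+)"'
)

# Constructed sample: six rapid failures then a success, plus one ordinary typo.
SAMPLE = [
    f'Mon Jan 15 10:15:{s:02d} 2024 [pid 2345] [msfadmin] FAIL LOGIN: Client "192.168.3.10"'
    for s in range(1, 7)
] + [
    'Mon Jan 15 10:15:07 2024 [pid 2345] [msfadmin] OK LOGIN: Client "192.168.3.10"',
    'Mon Jan 15 10:16:00 2024 [pid 2400] [user] FAIL LOGIN: Client "192.168.3.20"',
    'Mon Jan 15 10:16:09 2024 [pid 2401] [user] OK LOGIN: Client "192.168.3.20"',
]

def parse(line):
    m = LINE_RE.match(line)
    if not m:
        return None
    ts = datetime.strptime(m["ts"], "%a %b %d %H:%M:%S %Y")
    return ts, m["user"], m["result"], m["ip"]

def detect_bruteforce(lines, threshold=5, window=timedelta(seconds=60)):
    """Return {ip: info} for sources with >= threshold failures inside window."""
    recent = defaultdict(deque)  # ip -> timestamps of failures still in the window
    alerts = {}
    for line in lines:
        rec = parse(line)
        if rec is None:
            continue  # not a login event
        ts, user, result, ip = rec
        if result == "OK":
            if ip in alerts:  # success after a burst: treat the account as exposed
                alerts[ip]["compromised_user"] = user
            continue
        q = recent[ip]
        q.append(ts)
        while ts - q[0] > window:  # drop failures older than the window
            q.popleft()
        if len(q) >= threshold and ip not in alerts:
            alerts[ip] = {"first_alert": ts, "user": user, "compromised_user": None}
    return alerts

if __name__ == "__main__":
    print(detect_bruteforce(SAMPLE))
```

The `first_alert` timestamp is the point at which a lockout or temporary block of the source would have stopped the run before the correct password was reached.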

GNINGHAYE GUEMANDEU Malcolmx Hassler

Linux Enthusiast | LPIC-2 | Database & SQL Developer | Data Engineer | Python Lover | Cybersecurity Enthusiast