Friday 5 October 2012

Backtrack Penetration Testing: Exploitation


Medusa

Medusa is a log-in brute forcer that attempts to gain access to remote services by guessing at the user password. Medusa is capable of attacking a large number of remote services including FTP, HTTP, MySQL, Telnet, VNC, Web Form, and more. In order to use Medusa, you need several pieces of information including the target IP address, a username or username list that you are attempting to log in as, a password or dictionary file containing multiple passwords to use when logging in, and the name of the service you are attempting to authenticate with.

Medusa comes installed on Backtrack 5. However, if you are using a different version of backtrack without Medusa type:
apt-get update
apt-get install medusa
When using online password crackers, the potential for success can be greatly
increased if you combine this attack with information gathered from reconnaissance and scanning. An example of this is when you find usernames, passwords, and email addresses. Programs like Medusa will take a username and password list and keep guessing until it uses all the passwords. Be aware that some remote access systems employ a password throttling technique that can limit the number of unsuccessful log-ins you are allowed. Your IP address can be blocked or the username can be locked out if you enter too many incorrect guesses.
Backtrack includes a few word lists that you can use for your brute forcing adventures. You can find one list at:
/pentest/passwords/wordlists/
Backtrack Tutorials: Password ListIn order to execute the brute-force attack, you open a terminal and type the following:
medusa –h target_ip –u username –P path_to_password_dictionary –M service_to_attack
“-h” is used to specify the IP address of the target host. The “-u” is used for a single username that Medusa will use to attempt log-ins. “-P” is used to specify an entire list containing multiple passwords. The “-P” needs to be followed by the actual location or path to the dictionary file. The “-M” switch is used to specify which service we want to attack.
Backtrack Tutorials: medsua attack
Here I launch an attack against my own ssh server.
More to come!

11 comments:

  1. I'm gone to say to my little brother, that he should also go to see this web site on regular basis to take updated from latest news update.

    Also visit my web page: Standard: Journey

    ReplyDelete
  2. I think the admіn of this ωеb site is rеallу worκіng hard in fаvor of hiѕ web page, for thе
    reasоn thаt heгe every ѕtuff іs quality based mаterial.


    Feel frее tο ѵiѕit
    my web sіtе whitianga beachside accommodation

    ReplyDelete
  3. Thiѕ excellent wеbsite really has all the іnformation
    I wanted concerning thіs subϳесt and didn't know who to ask.

    My homepage ... Rome is actually a good way to see. Ancient rome Hotels

    ReplyDelete
  4. Wow, maгvelous weblоg format! How lоng have you
    еvег been blogging for? уоu made blogging glance eаsy.
    The full glanсe οf your webѕite is great, as
    smartly aѕ the cοntent!

    Looκ at my homеpage :: Accomodations for Website visitors and Travelers to Morocco mole

    ReplyDelete
  5. Nicе blog hегe! Αlso youг ѕite lοads up ѵery fast!
    What hοst are уou uѕing? Can Ӏ get youг assοciаte link for your host?
    ӏ desirе mу web ѕite loaԁeԁ up as quiсκly as yоurs lol

    Haνe a look аt my wеb page :: Discounts Hotels : Compare Motels Price ranges

    ReplyDelete
  6. WHENEVER YOU NEED A HACKER .Every date is expected to end in sex but with this girl it was different I fell in love at first sight most people think love at first sight was a lie I too was one of those but I was immediately proven to be wrong and fate was good to me, we fell in love and we dated for 5yrs, she would come home late and I would neglect it even though we had just moved in together, I would call but she wouldn't pick up, I became suspicious of her activities I was afraid she was in a form of trouble then I sought a close friend for an advice, when I told my friend my suspicions he told me he had a friend who was in a similar situation and he would call him now to introduce us, his friend's phone rang twice then he picked up after introducing us his friend told me to contact his cousin who works as an intern for an agency that the federal bank consults with when they are attacked by hackers and he added that he also does a freelance hack to earn on the side he also gave his contact to me and he hung up after saying our thank you's. His cousin name was Rosa and she helped me with the hack and just as I feared my girl was cheating on me, she has been cheating all along and I was the fool that would always be there I was heartbroken knowing I was about to propose to her all thanks to Rosa I would still be lied too, if you are interested in her freelance service her contact info is: (Parachutelift at gmail dot com), she can also hack into any social media account, Spy on any call, text, track locations, gain password to any social media account including your Emails.

    ReplyDelete
  7. Selling USA FRESH SSN Leads/Fullz, along with Driving License/ID Number with good connectivity.

    **Price for One SSN lead 2$**

    All SSN's are Tested & Verified. Fresh spammed data.

    **DETAILS IN LEADS/FULLZ**

    ->FULL NAME
    ->SSN
    ->DATE OF BIRTH
    ->DRIVING LICENSE NUMBER
    ->ADDRESS WITH ZIP
    ->PHONE NUMBER, EMAIL
    ->EMPLOYEE DETAILS

    ->Bulk order negotiable
    ->Hope for the long term business
    ->You can asked for specific states too

    **Contact 24/7**

    Whatsapp > +923172721122

    Email > leads.sellers1212@gmail.com

    Telegram > @leadsupplier

    ICQ > 752822040

    ReplyDelete
  8. Selling USA FRESH SSN Leads/Fullz, along with Driving License/ID Number with good connectivity.

    **Price for One SSN lead 2$**

    All SSN's are Tested & Verified. Fresh spammed data.

    **DETAILS IN LEADS/FULLZ**

    ->FULL NAME
    ->SSN
    ->DATE OF BIRTH
    ->DRIVING LICENSE NUMBER
    ->ADDRESS WITH ZIP
    ->PHONE NUMBER, EMAIL
    ->EMPLOYEE DETAILS

    ->Bulk order negotiable
    ->Hope for the long term business
    ->You can asked for specific states too

    **Contact 24/7**

    Whatsapp > +923172721122

    Email > leads.sellers1212@gmail.com

    Telegram > @leadsupplier

    ICQ > 752822040

    ReplyDelete


  9. This professional hacker is absolutely reliable and I strongly recommend him for any type of hack you require. I know this because I have hired him severally for various hacks and he has never disappointed me nor any of my friends who have hired him too, he can help you with any of the following hacks:

    -Phone hacks (remotely)
    -Credit repair
    -Bitcoin recovery (any cryptocurrency)
    -Make money from home (USA only)
    -Social media hacks
    -Website hacks
    -Erase criminal records (USA & Canada only)
    -Grade change

    Email: cybergoldenhacker at gmail dot com

    ReplyDelete
  10. قمر الامارت
    يعتبر التنظيف بالبخار من الامور السهلة التى يمكنك ازالة كل انواع الاوساخ بسرعة وبطريقة سهلة وصحية
    شركة تنظيف موكيت بدبى
    شركة تنظيف سجاد بدبى

    ReplyDelete
  11. **SELLING SSN+DOB FULLZ**

    CONTACT
    Telegram > @leadsupplier
    ICQ > 752822040
    Email > leads.sellers1212@gmail.com

    >>1$ each without DL/ID number
    >>2$ each with DL
    >>5$ each for premium (also included relative info)

    *Will reduce price if buying in bulk
    *Hope for a long term business

    FORMAT OF LEADS/FULLZ/PROS

    ->FULL NAME
    ->SSN
    ->DATE OF BIRTH
    ->DRIVING LICENSE NUMBER WITH EXPIRY DATE
    ->COMPLETE ADDRESS
    ->PHONE NUMBER, EMAIL, I.P ADDRESS
    ->EMPLOYMENT DETAILS
    ->REALTIONSHIP DETAILS
    ->MORTGAGE INFO
    ->BANK ACCOUNT DETAILS

    >Fresh Leads for tax returns & w-2 form filling
    >Payment mode BTC, ETH, LTC, PayPal, USDT & PERFECT MONEY

    ''OTHER GADGETS PROVIDING''

    >SSN+DOB Fullz
    >CC with CVV
    >Photo ID's
    >Dead Fullz
    >Spamming Tutorials
    >Carding Tutorials
    >Hacking Tutorials
    >SMTP Linux Root
    >DUMPS with pins track 1 and 2
    >Sock Tools
    >Server I.P's
    >HQ Emails with passwords

    Email > leads.sellers1212@gmail.com
    Telegram > @leadsupplier
    ICQ > 752822040

    THANK YOU

    ReplyDelete