当前位置: 首页 > 工具软件 > Medusa > 使用案例 >

美杜莎(Medusa)

索令
2023-12-01

(1).美杜莎介绍

  Medusa(美杜莎)是一个速度快,支持大规模并行,模块化的暴力破解工具。可以同时对多个主机,用户或密码执行强力测试。Medusa和hydra一样,同样属于在线密码破解工具。Medusa是支持AFP, CVS, FTP, HTTP, IMAP, MS-SQL, MySQL, NCP (NetWare),NNTP,PcAnywhere, POP3, PostgreSQL, rexec, RDP、rlogin, rsh, SMBNT,SMTP(AUTH/VRFY),SNMP, SSHv2, SVN, Telnet, VmAuthd, VNC、Generic Wrapper以及Web表单的密码爆破工具。

  官方网站:Foofus Networking Services - Medusa

  GitHub地址:https://github.com/jmk-foofus/medusa

  官网提供tar.gz包,GitHub提供zip包

(2).安装Medusa

  安装依赖包

1

[root@youxi1 ~]# yum -y install libssh2-devel libssh2-devel libtool libtool-ltdl libtool-ltdl-devel

  将下载好的压缩包上传,解压编译安装

1

2

3

4

5

6

7

8

9

10

11

12

13

14

15

16

17

18

19

20

21

22

23

24

[root@youxi1 ~]# tar xf medusa-2.2.tar.gz

[root@youxi1 ~]# cd medusa-2.2/

[root@youxi1 medusa-2.2]# ./configure --enable-debug=yes --enable-module-afp=yes

 --enable-module-cvs=yes --enable-module-ftp=yes --enable-module-http=yes

 --enable-module-imap=yes --enable-module-mssql=yes --enable-module-mysql=yes

 --enable-module-ncp=yes --enable-module-nntp=yes --enable-module-pcanywhere=yes

 --enable-module-pop3=yes --enable-module-postgres=yes --enable-module-rexec=yes

 --enable-module-rlogin=yes --enable-module-rsh=yes --enable-module-smbnt=yes

 --enable-module-smtp=yes --enable-module-smtp-vrfy=yes --enable-module-snmp=yes

 --enable-module-ssh=yes --enable-module-svn=yes --enable-module-telnet=yes

 --enable-module-vmauthd=yes --enable-module-vnc=yes --enable-module-wrapper=yes

 --enable-module-web-form=yes

[root@youxi1 medusa-2.2]# echo $?

0

[root@youxi1 medusa-2.2]# make && make install

[root@youxi1 medusa-2.2]# echo $?

0

[root@youxi1 medusa-2.2]# ls /usr/local/lib/medusa/modules/  //查看已经生成的模块

afp.mod    mysql.mod       rexec.mod      snmp.mod     web-form.mod

cvs.mod    ncp.mod         rlogin.mod     ssh.mod      wrapper.mod

ftp.mod    nntp.mod        rsh.mod        svn.mod

http.mod   pcanywhere.mod  smbnt.mod      telnet.mod

imap.mod   pop3.mod        smtp.mod       vmauthd.mod

mssql.mod  postgres.mod    smtp-vrfy.mod  vnc.mod

(3).Medusa使用方法

  Medusa [-h host|-H file] [-u username|-U file] [-p password|-P file] [-C file] -M module [OPT]

  选项说明:

-h [TEXT]      目标主机名称或者IP地址

-H [FILE]       包含目标主机名称或者IP地址文件

-u [TEXT]      测试的用户名

-U [FILE]       包含测试的用户名文件

-p [TEXT]      测试的密码

-P [FILE]       包含测试的密码文件

-C [FILE]       组合条目文件

-O [FILE]       日志信息文件

-e [n/s/ns]    n代表空密码,s代表为密码与用户名相同

-M [TEXT]      模块执行名称

-m [TEXT]      传递参数到模块

-d                 显示所有的模块名称

-n [NUM]       使用非默认Tcp端口

-s                 启用SSL

-r [NUM]       重试间隔时间,默认为3秒

-t [NUM]       设定线程数量

-T             同时测试的主机总数

-L                 并行化,每个用户使用一个线程

-f                 在任何主机上找到第一个账号/密码后,停止破解

-F                在任何主机上找到第一个有效的用户名/密码后停止审计。

-q                显示模块的使用信息

-v [NUM]      详细级别(0-6)

-w [NUM]     错误调试级别(0-10)

-V                显示版本

-Z [TEXT]      继续扫描上一次

(4).实例

  指定主机,指定用户,测试单个密码

1

2

3

4

5

6

7

8

[root@youxi1 medusa-2.2]# cd

[root@youxi1 ~]# echo 192.168.5.101 > host.txt

[root@youxi1 ~]# echo root > users.txt

[root@youxi1 ~]# medusa -M ssh -H host.txt -U users.txt -p 123456

Medusa v2.2 [http://www.foofus.net] (C) JoMo-Kun / Foofus Networks <jmk@foofus.net>

ACCOUNT CHECK: [ssh] Host: 192.168.5.101 (1 of 1, 0 complete) User: root (1 of 1, 0 complete) Password: 123456 (1 of 1 complete)

ACCOUNT FOUND: [ssh] Host: 192.168.5.101 User: root Password: 123456 [SUCCESS]

  指定主机,指定用户,测试多个密码

1

2

3

4

5

6

7

8

9

10

11

12

13

14

15

16

17

18

19

20

21

[root@youxi1 ~]# vim p.txt  //自己建立一个测试字典

1234567890

PASSWORD

password

1234abcd

abcd1234

ABCDEFGH

abcdefgh

123456

[root@youxi1 ~]# medusa -M ssh -H ./host.txt -U ./users.txt -P p.txt

Medusa v2.2 [http://www.foofus.net] (C) JoMo-Kun / Foofus Networks <jmk@foofus.net>

ACCOUNT CHECK: [ssh] Host: 192.168.5.101 (1 of 1, 0 complete) User: root (1 of 1, 0 complete) Password: 1234567890 (1 of 8 complete)

ACCOUNT CHECK: [ssh] Host: 192.168.5.101 (1 of 1, 0 complete) User: root (1 of 1, 0 complete) Password: PASSWORD (2 of 8 complete)

ACCOUNT CHECK: [ssh] Host: 192.168.5.101 (1 of 1, 0 complete) User: root (1 of 1, 0 complete) Password: password (3 of 8 complete)

ACCOUNT CHECK: [ssh] Host: 192.168.5.101 (1 of 1, 0 complete) User: root (1 of 1, 0 complete) Password: 1234abcd (4 of 8 complete)

ACCOUNT CHECK: [ssh] Host: 192.168.5.101 (1 of 1, 0 complete) User: root (1 of 1, 0 complete) Password: abcd1234 (5 of 8 complete)

ACCOUNT CHECK: [ssh] Host: 192.168.5.101 (1 of 1, 0 complete) User: root (1 of 1, 0 complete) Password: ABCDEFGH (6 of 8 complete)

ACCOUNT CHECK: [ssh] Host: 192.168.5.101 (1 of 1, 0 complete) User: root (1 of 1, 0 complete) Password: abcdefgh (7 of 8 complete)

ACCOUNT CHECK: [ssh] Host: 192.168.5.101 (1 of 1, 0 complete) User: root (1 of 1, 0 complete) Password: 123456 (8 of 8 complete)

ACCOUNT FOUND: [ssh] Host: 192.168.5.101 User: root Password: 123456 [SUCCESS]

  使用-O选项将破解的密码保存到指定文件中

1

2

3

4

5

6

7

8

9

10

11

12

13

14

15

16

17

[root@youxi1 ~]# medusa -M ssh -H ./host.txt -U ./users.txt -P p.txt -O password.txt

Medusa v2.2 [http://www.foofus.net] (C) JoMo-Kun / Foofus Networks <jmk@foofus.net>

ACCOUNT CHECK: [ssh] Host: 192.168.5.101 (1 of 1, 0 complete) User: root (1 of 1, 0 complete) Password: 1234567890 (1 of 8 complete)

ACCOUNT CHECK: [ssh] Host: 192.168.5.101 (1 of 1, 0 complete) User: root (1 of 1, 0 complete) Password: PASSWORD (2 of 8 complete)

ACCOUNT CHECK: [ssh] Host: 192.168.5.101 (1 of 1, 0 complete) User: root (1 of 1, 0 complete) Password: password (3 of 8 complete)

ACCOUNT CHECK: [ssh] Host: 192.168.5.101 (1 of 1, 0 complete) User: root (1 of 1, 0 complete) Password: 1234abcd (4 of 8 complete)

ACCOUNT CHECK: [ssh] Host: 192.168.5.101 (1 of 1, 0 complete) User: root (1 of 1, 0 complete) Password: abcd1234 (5 of 8 complete)

ACCOUNT CHECK: [ssh] Host: 192.168.5.101 (1 of 1, 0 complete) User: root (1 of 1, 0 complete) Password: ABCDEFGH (6 of 8 complete)

ACCOUNT CHECK: [ssh] Host: 192.168.5.101 (1 of 1, 0 complete) User: root (1 of 1, 0 complete) Password: abcdefgh (7 of 8 complete)

ACCOUNT CHECK: [ssh] Host: 192.168.5.101 (1 of 1, 0 complete) User: root (1 of 1, 0 complete) Password: 123456 (8 of 8 complete)

ACCOUNT FOUND: [ssh] Host: 192.168.5.101 User: root Password: 123456 [SUCCESS]

[root@youxi1 ~]# cat password.txt  //查看

# Medusa v.2.2 (2019-09-02 11:46:53)

# medusa -M ssh -H ./host.txt -U ./users.txt -P p.txt -O password.txt

ACCOUNT FOUND: [ssh] Host: 192.168.5.101 User: root Password: 123456 [SUCCESS]

# Medusa has finished (2019-09-02 11:47:07).

 类似资料: