In today’s world, most people are generally aware that malicious users and hackers can steal their confidential information through various attacks. However, most people don’t really understand the specific attacks that they are vulnerable to. So in this article, we are going to learn about password attacks. A password attack is a third party trying to gain access to your systems by cracking a user’s password. It may sound illegal, but it depends on us whether we want to use it for good things or bad things. Password attacks are useful in various cyber events, and we can also perform them on our own system in case we forget the password. In this article, we are going to perform a brute-force attack with the help of the Medusa tool in Kali Linux.
Methods of Cracking Passwords:
There are a number of ways to crack passwords. Some of them are old-fashioned yet very effective.
- Social Engineering
- Dictionary Attacks
- Shoulder Surfing
- Rainbow Tables
- Brute Force Attacks
- Password Probability Matrix
Note: Don’t use this method of password cracking for unethical purposes or without prior permission from the owner. Keep it ethical and enjoy!
Medusa is a modular, speedy, parallel login brute-forcer. It is a very powerful and lightweight tool. Medusa is used to brute-force credentials in as many protocols as possible, which can eventually lead to remote code execution. It currently has over 21 modules, some of which are: PcAnywhere, POP3, CVS, FTP, HTTP, IMAP, SMB, SMTP (VRFY), SNMP, SSHv2, MS-SQL, MySQL, NCP (NetWare), PostgreSQL, rexec, rlogin, rsh, Telnet, SVN, VNC, VmAuthd and a generic wrapper module. Kali Linux comes with Medusa pre-installed. If you don’t have the Medusa tool installed on your system, simply run the following command in your terminal to install it with the apt package manager.
sudo apt-get install medusa
Brute Force Attack using Medusa:
We are going to crack the password of the SSH service in this brute-force attack using Medusa.
Step 1: To run Medusa on your system, simply type medusa in the terminal.
Step 2: If you need help regarding the Medusa tool, simply type medusa -h in the terminal.
Step 3: To avoid an SSH connection error, first start the SSH service with the command below.
sudo service ssh start
Step 4: To crack the password for the SSH service, type the command below.
medusa -h 10.0.2.15 -u lalit -P /home/lalit/Desktop/Password_List.txt -M ssh -n 22
In the above command:
- medusa – executes the Medusa tool
- -h – specifies the target host or IP address
- -u – the username to test
- -P – a text file containing a lot of passwords for the brute-force attack (use -p instead to test a single password)
- -M – the name of the module to execute; I am using ssh here
- -n – the port number
After the above command has finished executing, you can see the Success keyword with the right password.
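Seen from the target host, a run like the one above appears in the SSH authentication log as a burst of failed password attempts from one source address. The following is an added example, not part of the original article, that flags such bursts and notes whether a login succeeded afterwards; the log lines, the addresses 10.0.2.4 and 10.0.2.9, the function name and the threshold values are all constructed for illustration.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sshd auth-log lines (illustrative, not captured from a real host).
SAMPLE_LOG = """\
Mar 10 14:02:01 host sshd[2101]: Failed password for lalit from 10.0.2.4 port 40112 ssh2
Mar 10 14:02:02 host sshd[2103]: Failed password for lalit from 10.0.2.4 port 40114 ssh2
Mar 10 14:02:03 host sshd[2105]: Failed password for lalit from 10.0.2.4 port 40116 ssh2
Mar 10 14:02:04 host sshd[2107]: Failed password for lalit from 10.0.2.4 port 40118 ssh2
Mar 10 14:02:06 host sshd[2109]: Failed password for lalit from 10.0.2.4 port 40120 ssh2
Mar 10 14:02:07 host sshd[2111]: Accepted password for lalit from 10.0.2.4 port 40122 ssh2
Mar 10 14:05:00 host sshd[2140]: Failed password for invalid user admin from 10.0.2.9 port 51000 ssh2
Mar 10 14:40:00 host sshd[2190]: Failed password for invalid user admin from 10.0.2.9 port 51020 ssh2
"""
LINE = re.compile(
    r"^(\w{3}\s+\d+ \d\d:\d\d:\d\d) \S+ sshd\[\d+\]: "
    r"(Failed|Accepted) password for (?:invalid user )?(\S+) from (\S+) port \d+"
)

def find_bursts(log_text, threshold=5, window=timedelta(seconds=60), year=2024):
    """Map each source IP with >= threshold failures inside one window to
    {'users': [...], 'success_after': bool}."""
    fails, accepts = defaultdict(list), defaultdict(list)
    for line in log_text.splitlines():
        m = LINE.match(line)
        if not m:
            continue
        # Syslog timestamps carry no year; `year` is an assumption from the caller.
        ts = datetime.strptime(f"{year} {m.group(1)}", "%Y %b %d %H:%M:%S")
        (fails if m.group(2) == "Failed" else accepts)[m.group(4)].append((ts, m.group(3)))
    flagged = {}
    for ip, hits in fails.items():
        hits.sort()
        start = 0
        for end in range(len(hits)):
            while hits[end][0] - hits[start][0] > window:
                start += 1  # slide the window forward
            if end - start + 1 >= threshold:
                flagged[ip] = {
                    "users": sorted({u for _, u in hits}),
                    # An accepted login after the burst suggests a guess worked.
                    "success_after": any(t >= hits[end][0] for t, _ in accepts[ip]),
                }
                break
    return flagged

if __name__ == "__main__":
    print(find_bursts(SAMPLE_LOG))
```

On Debian-based systems these lines are typically found in /var/log/auth.log or the systemd journal, and a source flagged with success_after set means the account's password should be treated as known to whoever ran the guessing.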