Automating Password Attacks with Medusa
Tool Authors: JoMo-Kun, Foofus and Development team
Medusa is another automated password attack tool. Medusa functions similarly to Hydra. We can also use the same username and password list. Let’s try this tool against the Metasploitable FTP service.
➢ Use, “medusa -d” to list all available modules
➢ medusa -h [Target_IP] -U ~/Users -P ~/Passwords -M ftp
Medusa tries all of the username, passwords combos and in a short time you should see the following:
The output from Hydra is a little nicer, but it is good to try several different tools to see which one you prefer. Let’s look at one more tool, “Ncrack”.