In the previous guide, I showed you how to use the Common User Password Profiler in Kali Linux. Today, we’re going to crack passwords against that list.
So here’s the scenario:
Let’s say Joe Blow is the network engineer for Acme Corp and he has a local SSH account on this Cisco 3725 router.
You created your custom password list using the Common User Password Profiler (CUPP) but now you need to do something with it.
That’s where Medusa (“Meh – Doo – Sa”) comes in.
This is a very powerful password cracker and it’s easy to get overwhelmed if you look at the command syntax:
medusa --help | more
So let’s skip to the chase and get to the good part
Let’s say you figured out the router is the default gateway on the LAN and you know the IP Address is 10.0.2.1.
We can enter the target hostname -h 10.0.2.1 the username to test -u joe and give it the password file that we generated from CUPP -p joe.txt.
We can also do a few extra password checks. We’ll use -e ns to make sure the password isn’t blank or his username, joe.
After we find the first password we’ll stop the audit. -F and we’ll run the attack against the SSH module. -M ssh
Here’s the full command but remember you can easily piece this together by looking at the medusa –help output.
medusa -h 10.0.2.1 -u joe -P /root/cupp/joe.txt -e ns -F -M ssh
Note I’m using the SSH module for this example but there bountiful options from Telnet to HTTP. You’re not confined to using SSH.
It only took it three tries to discover the password for user joe: 011989.
Now that’s because I purposely configured a SSH password from the top of the joe.txt list. In reality it could take longer or may not yield any results at all but the point is that Medusa greatly increases your changes of breaking into a highly targeted well-researched victim.
Now I can SSH into the router and p0wn the appliance.
Oh lookie here. I can see all the interfaces.
In the next guide, I’m going to show you a few things you can do to prevent this kind of attack. Check back tomorrow. Same place same time. Haha.