Medusa is intended to be a speedy, massively parallel, modular, login brute-forcer. The goal is to support as many services which allow remote authentication as possible. The author considers the following items to be some of the key features of this application.
Thread-based parallel testing. Brute-force testing can be performed against multiple hosts, users or passwords concurrently.
Flexible user input. Target information (host/user/password) can be specified in a variety of ways. For example, each item can be either a single entry or a file containing multiple entries. Additionally, a combination file format allows the user to refine their target listing.
Modular design. Each service module exists as an independent .mod file. This means that no modifications are necessary to the core application in order to extend the supported list of services for brute-forcing.
As with any hacking tool, let's first look at the options we can use. Now that we know the options, what next?
-h (target hostname or IP), -u (victim's username), -P (file containing the wordlist), -s (enable SSL), -M (module name). After specifying your target details, what are you waiting for? Press Enter.
To keep this demo fast (I hate wasting your time) I only used 16 passwords to test against the account. As shown on the screen, it successfully found my Gmail password. I also tested Medusa against Yahoo, but it failed: after a few tries it gets blocked.
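Medusa's parallel guessing shows up on the target side as a burst of failed logins from one source, which is exactly what a lockout or rate limit keys on (and why the Yahoo attempt above got blocked). As an added example that is not from the original post, this Python detector runs over constructed sshd-style auth log lines and flags a source once it passes a failure threshold inside a sliding window, separating a single-user brute force from a multi-user spray and noting whether a success followed the burst; the log format, threshold and window are assumptions.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sshd-style auth log lines (not from any real system).
SAMPLE_LOG = """\
Mar 10 12:00:01 host sshd[101]: Failed password for alice from 203.0.113.5 port 40001 ssh2
Mar 10 12:00:02 host sshd[102]: Failed password for alice from 203.0.113.5 port 40002 ssh2
Mar 10 12:00:02 host sshd[103]: Failed password for alice from 203.0.113.5 port 40003 ssh2
Mar 10 12:00:03 host sshd[104]: Failed password for alice from 203.0.113.5 port 40004 ssh2
Mar 10 12:00:05 host sshd[105]: Accepted password for alice from 203.0.113.5 port 40005 ssh2
Mar 10 12:00:10 host sshd[106]: Failed password for bob from 198.51.100.9 port 50001 ssh2
Mar 10 12:00:11 host sshd[107]: Failed password for carol from 198.51.100.9 port 50002 ssh2
Mar 10 12:00:12 host sshd[108]: Failed password for dave from 198.51.100.9 port 50003 ssh2
Mar 10 12:00:13 host sshd[109]: Failed password for erin from 198.51.100.9 port 50004 ssh2
Mar 10 12:30:00 host sshd[110]: Failed password for alice from 192.0.2.7 port 60001 ssh2
"""

LINE_RE = re.compile(
    r"^(?P<ts>\w{3} +\d+ \d\d:\d\d:\d\d) \S+ sshd\[\d+\]: (?P<result>Failed|Accepted) "
    r"password for (?:invalid user )?(?P<user>\S+) from (?P<ip>\S+) port \d+"
)

def parse(lines, year=2024):
    # Yield (timestamp, result, user, ip) for each line that matches the format.
    for line in lines:
        m = LINE_RE.match(line)
        if m:
            ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
            yield ts, m["result"], m["user"], m["ip"]

def detect(lines, threshold=4, window=timedelta(minutes=1)):
    """Flag a source IP once it has >= threshold failed logins inside a sliding
    window; a success right after the burst is the signal worth paging on."""
    fails, successes = defaultdict(list), defaultdict(list)
    for ts, result, user, ip in sorted(parse(lines)):
        (fails if result == "Failed" else successes)[ip].append((ts, user))
    alerts = {}
    for ip, attempts in fails.items():
        start = 0
        for i, (ts, _) in enumerate(attempts):
            while ts - attempts[start][0] > window:   # slide the window forward
                start += 1
            if i - start + 1 >= threshold:
                users = sorted({u for _, u in attempts[start:i + 1]})
                alerts[ip] = {
                    "failures": i - start + 1, "users": users,
                    # one user hammered = brute force; many users = password spraying
                    "pattern": "brute-force" if len(users) == 1 else "spray",
                    "success_after": any(ts <= s <= ts + window for s, _ in successes[ip]),
                }
                break
    return alerts
```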
In Kali there are a few tools to find hidden networks or SSIDs. For example, you can use aircrack-ng to view hidden SSIDs, but the full network name will stay hidden on the screen unless you deauth a connected client; when it tries to reconnect, the network's name will appear. The easiest way to find hidden networks is a tool called Kismet. Enter the command kismet -h to show the options. Type kismet -c wlan1 (the interface depends on your wireless card; sometimes it is wlan0 or eth0).
Kismet will ask you if you want to start the server; choose Yes.
There you go, the hidden network was detected!
To see more details on the network, as in the picture below, just click it. The point here is that hiding your network is a pretty useless option.
In my previous tutorial I showed how to crack a WPA password, but now let's downgrade to cracking WEP, which is less secure and easier to crack than WPA, easier than eating popcorn. In cracking a WEP password you don't need any wordlist, because recovering the key depends on the initialization vectors you've captured and the tool will crack the key automatically. Fire up Fern Cracker once again you goddamn bastard!
Choose the wireless card (ex. wlan0, wlan1, eth0)
Scan for wireless APs nearby
When there are WEP APs available the WEP button will be enabled; just click the button and it will open the attack panel.
This panel will show you useful information on the router: channel, ESSID, BSSID. Click your target router, tick the regular attack, and on the upper right side click WiFi Attack. When everything goes smoothly you'll see the number of IVs increasing, like in the picture above. Take note that the speed of IV collection depends on the connected devices using the network: if they are just connected but not browsing anything, the attack will be very slow.
27133 IVs and counting and still no WEP key, but in this world, for us to exist, patience is a virtue. You can leave it there and watch your favorite TV show.
Alas! The WEP key! A 26-digit hex key that you can enter as the password, or if you want you can decode it using an online hex to ASCII converter. To sum up, if you're still using WEP, change it to the more secure WPA/WPA2. There's another tool that can crack WEP, wifite, which I will use in my upcoming tutorials.