A brute-force attack recovers a key or password by trying every possible combination until the one that grants access is found.
What is Medusa?
Medusa is one of the best-known brute-force tools. It works from word dictionaries, is very stable, simple and fast, and can attack many different services.
Medusa [-h host|-H file] [-u username|-U file] [-p password|-P file] [-C file] -M module [OPT]
How is it used?
Before cracking, we should establish whether the system is running an SSH service. Most probably SSH will be listening on port 22, so that is the port we will check with Nmap. In a terminal, type:
nmap -sV -p 22 172.31.2.117
-sV performs a service/version scan, while -p restricts the scan to specific ports, in our case port 22. Other scan types in nmap include the FIN scan (-sF) and the SYN scan (-sS):
sudo -H nmap -sF -p 22 172.31.2.117
sudo -H nmap -sS -p 22 172.31.2.117
When you need to scan all the systems on the network, append the /24 subnet mask to the end of the IP address. It should look like this:
nmap -sV -p 22 172.31.2.0/24
Once we have determined that an SSH service is running on port 22, we can proceed to crack.
Medusa is an excellent online (network-based) cracking tool, especially for SSH, Telnet and FTP services. If you haven't installed Medusa yet, type in a terminal:
sudo -H apt-get install medusa
Once it is installed, type:
medusa -h (host) -u (username) -P (wordlist) -M ssh
Your screen should be similar to my screenshot.
Medusa doesn't include a true brute-force mode that tries every possible password combination. Instead, it makes use of a wordlist. SecLists is a good set of wordlists that I've found on the internet. How fast Medusa gets through the passwords depends on how big your wordlist is as well as the quality of your internet connection. In my opinion, the root account is what you'd want to try and crack. Medusa has several modules; since we are cracking an SSH password, the -M flag is set to ssh.
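A wordlist run like the one above leaves a distinctive trail on the target: a burst of "Failed password" entries for one account from one source in the sshd log. The following is an added example, not part of the original article and not a Medusa feature, that parses constructed OpenSSH auth.log lines and flags any source with five or more failures inside a sixty-second window (both values are assumed thresholds, not a standard).

```python
import re
from collections import defaultdict
from datetime import datetime

# OpenSSH failure lines as written to /var/log/auth.log (syslog format, no year).
FAILED_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+ \d{2}:\d{2}:\d{2}) \S+ sshd\[\d+\]: "
    r"Failed password for (?:invalid user )?(?P<user>\S+) from (?P<src>\S+) port \d+"
)

# Constructed sample: a wordlist run against root from one host, then a success,
# plus one genuine typo from another host that should not be flagged.
SAMPLE_LOG = """\
Mar  3 10:15:01 host sshd[2201]: Failed password for root from 172.31.2.50 port 40120 ssh2
Mar  3 10:15:01 host sshd[2203]: Failed password for root from 172.31.2.50 port 40122 ssh2
Mar  3 10:15:02 host sshd[2205]: Failed password for root from 172.31.2.50 port 40124 ssh2
Mar  3 10:15:02 host sshd[2207]: Failed password for root from 172.31.2.50 port 40126 ssh2
Mar  3 10:15:03 host sshd[2209]: Failed password for root from 172.31.2.50 port 40128 ssh2
Mar  3 10:15:03 host sshd[2211]: Accepted password for root from 172.31.2.50 port 40130 ssh2
Mar  3 10:20:45 host sshd[2300]: Failed password for alice from 172.31.2.9 port 51000 ssh2
Mar  3 10:21:02 host sshd[2302]: Accepted publickey for alice from 172.31.2.9 port 51002 ssh2
"""

def parse_failures(log_text, year=2024):
    """Yield (timestamp, user, source) for every failed-password line."""
    for line in log_text.splitlines():
        m = FAILED_RE.match(line)
        if m:  # syslog omits the year, so one is supplied (assumed) for parsing
            ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
            yield ts, m["user"], m["src"]

def detect_bruteforce(log_text, threshold=5, window_s=60):
    """Return {source: [users]} for sources with >= threshold failures in window_s seconds."""
    per_src = defaultdict(list)
    for ts, user, src in parse_failures(log_text):
        per_src[src].append((ts, user))
    hits = {}
    for src, events in per_src.items():
        events.sort()
        start = 0  # sliding window over the sorted failure timestamps
        for end in range(len(events)):
            while (events[end][0] - events[start][0]).total_seconds() > window_s:
                start += 1
            if end - start + 1 >= threshold:
                hits[src] = sorted({u for _, u in events[start:end + 1]})
                break
    return hits

if __name__ == "__main__":
    for src, users in detect_bruteforce(SAMPLE_LOG).items():
        print(f"possible SSH brute force from {src} against {users}")
```

Against the sample the script reports only 172.31.2.50; the single failure from 172.31.2.9 stays below the threshold, and the "Accepted password" line right after the burst is the event worth investigating first.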
If you are interested in learning more, we invite you to review this course.