Sup Guys been a long time i know i have been busy with a new kid on the way so im busy anyways i am the laughing man and this post is on a tool that not many people know about and use it but the tool we are using is medusa
What is Medusa
Medusa is a speedy, parallel, and modular, login brute-forcer. The goal is to support as many services which allow remote authentication as possible. The author considers following items as some of the key features of this application:
Thread-based parallel testing. Brute-force testing can be performed against multiple hosts, users or passwords concurrently.
Flexible user input. Target information (host/user/password) can be specified in a variety of ways. For example, each item can be either a single entry or a file containing multiple entries. Additionally, a combination file format allows the user to refine their target listing.
Modular design. Each service module exists as an independent .mod file. This means that no modifications are necessary to the core application in order to extend the supported list of services for brute-forcing.
Multiple protocols supported. Many services are currently supported (e.g. SMB, HTTP, MS-SQL, POP3, RDP, SSHv2, among others).
find out more here
Gmail SMTP Setup settings
SMTP username: Your Gmail address
SMTP password: Your Gmail password
SMTP server address: smtp.gmail.com
Gmail SMTP port (TLS): 587
SMTP port (SSL): 465
SMTP TLS/SSL required: yes
Installing and using Medusa
First of all lads and gals we open terminal and type
apt install medusa -y
now we type
medusa -h in to the terminal this will bring up the help menu for Medusa
medusa: option requires an argument — ‘h’
CRITICAL: Unknown error processing command-line options.
ALERT: Host information must be supplied.
Syntax: Medusa [-h host|-H file] [-u username|-U file] [-p password|-P file] [-C file] -M module [OPT]
-h [TEXT] : Target hostname or IP address
-H [FILE] : File containing target hostnames or IP addresses
-u [TEXT] : Username to test
-U [FILE] : File containing usernames to test
-p [TEXT] : Password to test
-P [FILE] : File containing passwords to test
-C [FILE] : File containing combo entries. See README for more information.
-O [FILE] : File to append log information to
-e [n/s/ns] : Additional password checks ([n] No Password, [s] Password = Username)
-M [TEXT] : Name of the module to execute (without the .mod extension)
-m [TEXT] : Parameter to pass to the module. This can be passed multiple times with a
different parameter each time and they will all be sent to the module (i.e.
-m Param1 -m Param2, etc.)
-d : Dump all known modules
-n [NUM] : Use for non-default TCP port number
-s : Enable SSL
-g [NUM] : Give up after trying to connect for NUM seconds (default 3)
-r [NUM] : Sleep NUM seconds between retry attempts (default 3)
-R [NUM] : Attempt NUM retries before giving up. The total number of attempts will be NUM + 1.
-c [NUM] : Time to wait in usec to verify socket is available (default 500 usec).
-t [NUM] : Total number of logins to be tested concurrently
-T [NUM] : Total number of hosts to be tested concurrently
-L : Parallelize logins using one username per thread. The default is to process
the entire username before proceeding.
-f : Stop scanning host after first valid username/password found.
-F : Stop audit after first valid username/password found on any host.
-b : Suppress startup banner
-q : Display module’s usage information
-v [NUM] : Verbose level [0 – 6 (more)]
-w [NUM] : Error debug level [0 – 10 (more)]
-V : Display version
-Z [TEXT] : Resume scan based on map of previous scan
now we know the are options lets put them together so type in terminal
medusa -h smtp.gmail.com -u email@example.com -P /usr/share/brutex/wordlists/password.lst -M smtp
u can use the pre installed wordlists in kali linux to find one type in terminal
well this a good bruteforce tool for any hacker to hack personal note its not as great as they say as Hydra can do the same along with other bruteforce tools