tools

Tools make you big and strong

Medusa 2.2 is the first release in over three years. While there are no major changes to the core of the application, it does include many bug-fixes throughout the code base and numerous incremental improvements. The following significant module updates are also included:

HTTP. The module now supports NTLM2 session responses and allows for the inclusion of custom headers. In addition, it can report the target host’s default domain when using NTLM authentication.

RDP. This is a new module and uses the FreeRDP library to test RDP (Terminal Services) on Microsoft Windows 2008/7 and later hosts. It also supports pass-the-hash testing depending on the version of FreeRDP installed. It is recommended that if you are using the RDP module, it be built against a current version of FreeRDP. The FreeRDP-Nightly site provides binaries for several platforms and can be installed side-by-side with the released version. Medusa will detect and use the nightly version during its build process.

SMB. The module now includes a check of the ADMIN$ default share. The purpose of this is to test whether the valid credentials have administrative or user-level access to the host.

SMTP-VRFY. The module now supports EXPN and RCPT bruting.

SSH. The module should now be stable on OS X due to several bug fixes with thread safety.

Medusa is now hosted at GitHub – https://github.com/jmk-foofus/medusa.

See doc/medusa.html for Medusa documentation. For additional information:

http://foofus.net/?page_id=51
http://foofus.net/goons/jmk/medusa/medusa.html

Please feel free to send me questions, bug reports, or patches directly or through the foofus-tools mailing list.

Enjoy!
Joe

I was informed last month of the release of the new “Faraday” penetration testing framework. A key feature of this framework is its ability to parse the output from various other security tools, including Foofus.Net’s Medusa! Here is the official release from the Infobyte folks:

We are happy to announce our first release of Faraday (beta), an open source collaborative Penetration Test IDE console that uses the same tools you use every day.

Faraday introduces a new concept (IPE) Integrated Penetration-Test Environment

We built a plugin system, where all the I/O from the terminal gets interpreted, if we have a plugin for the command, the output is processed and added to a knowledge base in a transparent way.

Our idea was to build a tool that helps from the perspective of a pentester without changing the way you work, adding the support for multi user collaboration on security testing projects.

Developed with a specialized set of functionalities that help users improve their own work adding collaborative data sharing, indexation and analysis of the generated knowledge during the engagement of a security audit.

[Features]
* +40 Plugins (Metasploit, Amap, Arachini, Dnsenum, Medusa, Nmap, Nessus, w3af, Zap and More!)
* Collaborative support
* Information Highlighting
* Knowledge Filtering
* Information Dashboard
* Conflict Detection
* Support for multiple Workspaces
* IntelliSense Support
* Easy Plugin Development
* XMLRPC, XML and Regex Parsers

Get it now:
http://www.faradaysec.com
https://github.com/infobyte/faraday

[Contact]
@faradaysec
#faraday-dev on irc.freenode.net

We hope you enjoy it!

Francisco Amato
http://www.linkedin.com/in/famato
http://twitter.com/famato

Infobyte LLC.
2699 S. Bayshore Dr #300.
[33133], Miami, FL
Phone: +1 305 851 3373
http://www.infobytesec.com
http://blog.infobytesec.com
http://twitter.com/infobytesec

 

I got a very interesting note from Ryan Reynolds and Jonathan Claudius, who will be presenting at BlackHat and Defcon 20 in a few weeks. They discovered that, in certain circumstances, the hashes returned by tools like fgdump3 (which is a very limited “ask-and-you-shall-receive” research version I unveiled at ToorCon 2011) as well as HashDump are wrong. They have a proposed patch to HashDump, and I will be incorporating it into the fgdump3 branch as well.

 

FAQ

So does this affect fgdump2/2.1?

No – this only affects versions pulling their values right from the registry (which version 3 is doing).

 

Where is fgdump3 anyway?

I unofficially/quietly released version 3 at ToorCon last year. However, speed issues continued to plague me (changing permissions on the keys is SLOW), and I started looking for a new solution. Right now, the NEW fgdump3 is about 80% done, and combines the old injection method, the registry method, and a new “super s3kr1t” method that looks to work well, and quickly I might add. I have yet to finish the new version (about 80% complete), but I’m going to see if I can pound this out before DC 20 in time for their presentation. It will be ultra-beta, but something to play with.

 

How can I get a copy to play with?

I can send you the old fgdump3 if you want to play with the registry method – email me at fizzgig@foofus.net if you like. It’s unsupported and may cause nausea, but feel free to give it a shot. :)

 

 

Medusa 2.1 is now available for public download.

http://www.foofus.net/jmk/tools/medusa-2.1.tar.gz

What is Medusa? Medusa is a speedy, massively parallel, modular, login brute-forcer for network services created by the geeks at Foofus.net. It currently has modules for the following services: AFP, CVS, FTP, HTTP, IMAP, MS-SQL, MySQL, NCP (NetWare), NNTP, PcAnywhere, POP3, PostgreSQL, rexec, rlogin, rsh, SMB, SMTP (AUTH/VRFY), SNMP, SSHv2, SVN, Telnet, VmAuthd, VNC. It also includes a basic web form module and a generic wrapper module for external scripts.

While Medusa was designed to serve the same purpose as THC-Hydra, there are several significant differences. For a brief comparison, see:

http://www.foofus.net/jmk/medusa/medusa-compare.html

This release does not introduce any major changes to the core of the application, however, it does include two years worth of bug-fixes throughout the code base and numerous incremental improvements.

Enjoy,

Joe

 

After what feels like an eternity, Medusa 2.0 is now available for public download.

http://www.foofus.net/jmk/tools/medusa-2.0.tar.gz

This release contains the most significant changes to the core of Medusa since its original release in 2005. We’ve moved to a “real” thread pool and modified how credential sets are selected. See the following for a more detailed list of changes:

http://www.foofus.net/jmk/medusa/ChangeLog

Enjoy,
Joe

Fellow Pen-testers:

Version 1.5 of Medusa is now available for public download.

What is Medusa? Medusa is a speedy, massively parallel, modular, login brute-forcer for network services created by the geeks at Foofus.net. It currently has modules for the following services: AFP, CVS, FTP, HTTP, IMAP, MS-SQL, MySQL, NCP (NetWare), NNTP, PcAnywhere, POP3, PostgreSQL, rexec, rlogin, rsh, SMB, SMTP (AUTH/VRFY), SNMP, SSHv2, SVN, Telnet, VmAuthd, VNC. It also includes a basic web form module and a generic wrapper module for external scripts.

While Medusa was designed to serve the same purpose as THC-Hydra, there are several significant differences. For a brief comparison, see:

http://www.foofus.net/jmk/medusa/medusa-compare.html

It’s been over a year since version 1.4 was released and there has been a bunch of changes. This release includes multiple bug fixes, several new modules and additional module functionality. The following is a quick rundown on some of the new features. A somewhat detailed report is available here: http://www.foofus.net/jmk/medusa/ChangeLog

* AFP – new module (still marked as unstable)
* HTTP – digest auth support
* IMAP – STARTTLS, NTLM support
* POP3 – STARTTLS, LOGIN, PLAIN, NTLM support
* SMBNT – LM, LMv2, NTLMv2 support
* SMTP – NTLM support
* TELNET – AS/400 (TN5250) support
* misc. core and module bug fixes

Finally, the main documentation and actual files are located here:

http://www.foofus.net/jmk/medusa/medusa.html
http://www.foofus.net/jmk/tools/medusa-1.5.tar.gz

Medusa was developed on Gentoo Linux and FreeBSD. Some limited testing has been done on other platforms/distributions (OpenBSD, Debian, Ubuntu, Darwin, Mac OS X, Solaris). If people wish to contribute patches to fix portability issues, I’d be happy to accept them. There are probably lots of bugs which have yet to surface. Please let me know if you encounter issues, fix a bug or just find the application useful.

Enjoy,
Joe