Cracking SMBNT with Medusa


As I am learning more about the SMB protocol for Windows, I came across Medusa. So the first thing I did was try to hook it up with a dictionary and attack my Windows OS, which is Windows 7. After installing it (see here to know how), I looked at the arguments and started cracking! I tried cracking using THC-HYDRA but I had some difficulties at first. The commands are pretty much the same if you look at it.

Cracking with a single password

medusa -h 192.168.1.2 -u Brian -p 1234567890 -e ns -M smbnt

Note: -e ns is optional and can be omitted; it adds two extra password checks ([n] No Password, [s] Password = Username). -h is the target host, -u is the username, and -p is followed by the password to try. -M names the module to run, here smbnt, the protocol that I am cracking.

Cracking with a dictionary/wordlist file

medusa -h 192.168.1.2 -u Brian -P /dictionary/commonpassword.txt -e ns -M smbnt

Note: The only change is -p becoming -P. The uppercase form takes a file instead of a literal string as its value; /dictionary/commonpassword.txt is the path to my dictionary file.
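What a dictionary run like the one above looks like from the target's side, as an added example that is not part of the original post: each wrong guess is recorded in the Windows Security log as event 4625 (failed logon) with logon type 3 (network), and a correct guess as 4624. The comma-separated export format, the source address 192.168.1.50 and the threshold and window values are assumptions made for this sketch.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample: simplified export of Windows Security events as
# time, event ID, logon type, target user, source address.
# 4625 = failed logon, 4624 = successful logon, logon type 3 = network (SMB).
SAMPLE = """\
2024-01-01T10:00:00,4625,3,Brian,192.168.1.50
2024-01-01T10:00:01,4625,3,Brian,192.168.1.50
2024-01-01T10:00:02,4625,3,Brian,192.168.1.50
2024-01-01T10:00:03,4625,3,Brian,192.168.1.50
2024-01-01T10:00:04,4625,3,Brian,192.168.1.50
2024-01-01T10:00:05,4624,3,Brian,192.168.1.50
2024-01-01T10:30:00,4625,3,Alice,192.168.1.77
2024-01-01T10:30:40,4624,3,Alice,192.168.1.77
2024-01-01T11:00:00,4625,2,Brian,127.0.0.1
"""

def parse(text):
    """Yield (time, event_id, logon_type, user, source) tuples."""
    for line in text.strip().splitlines():
        ts, event_id, logon_type, user, src = line.split(",")
        yield datetime.fromisoformat(ts), int(event_id), int(logon_type), user, src

def find_guessing(text, threshold=5, window=timedelta(seconds=60)):
    """Alert on bursts of failed network logons per (source, user) pair."""
    recent = defaultdict(deque)  # (src, user) -> times of recent failures
    alerts = {}                  # (src, user) -> burst size and outcome
    for ts, event_id, logon_type, user, src in sorted(parse(text)):
        if logon_type != 3:
            continue             # only network logons, as produced by SMB auth
        key = (src, user)
        q = recent[key]
        while q and ts - q[0] > window:
            q.popleft()          # forget failures older than the window
        if event_id == 4625:
            q.append(ts)
            if len(q) >= threshold:
                alert = alerts.setdefault(key, {"failures": 0, "compromised": False})
                alert["failures"] = max(alert["failures"], len(q))
        elif event_id == 4624 and key in alerts and q:
            # A success right after a burst suggests a guess was correct.
            alerts[key]["compromised"] = True
    return alerts

if __name__ == "__main__":
    for (src, user), info in find_guessing(SAMPLE).items():
        print(src, user, info)
```

A single mistyped password followed by a success (the Alice lines) stays below the threshold, and the interactive failure on the last line is ignored because it is not a network logon.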

