medusa's People

Contributors

bismark-foofus, brianmwaters, chillerdragon, goofygiraffe06, jasperf, jmk-foofus, johan-lindahl, sbrun, veggiespam, ycaibb

medusa's Issues

Segmentation fault arises when using the rdp brute module

command:
medusa -M rdp -m DOMAIN:CORPNAME -h 172.24.243.71 -n 3389 -u administrator -P pass.txt

pass.txt is a password dict; it has 1000+ records.

When I execute this command, a segmentation fault occurs, and this error occurs every time I execute this command.

error info:
Authentication failure, check credentials.
If credentials are valid, the NTLMSSP implementation may be to blame.
ACCOUNT CHECK: [rdp] Host: 172.24.243.71 (1 of 1, 0 complete) User: administrator (1 of 1, 0 complete) Password: freepass (1000 of 1004 complete)
connected to 172.24.243.71:3389
SSL_read: Failure in SSL library (protocol error?)
Authentication failure, check credentials.
If credentials are valid, the NTLMSSP implementation may be to blame.
ACCOUNT CHECK: [rdp] Host: 172.24.243.71 (1 of 1, 0 complete) User: administrator (1 of 1, 0 complete) Password: admin@123456 (1001 of 1004 complete)
connected to 172.24.243.71:3389
Segmentation fault

HTTP not working properly

I'm trying to bruteforce a password via http with this command:
medusa -h IPADDRESS -u USERNAME -P /home/USERNAME/Schreibtisch/darkweb2017-top1000.txt -M http

but it only tries the first password of 1000 and then it says: "ACCOUNT FOUND: [http] Host: IPADDRESS User: USERNAME Password: PASSWORD [SUCCESS]"

But I tried, it's not the password.

What can I do?
See attachment

Bildschirmfoto_2020-12-18_12-07-08

RomSShell server error

RomSShell server auth error...

like ACCOUNT FOUND: [ssh] Host: x.x.x.x User: root Password: 123456a [SUCCESS]

Medusa says success; that is wrong.

http module returns wrong password

I am working on my OSCP and am trying to gain access to a phpmyadmin directory. However, an htaccess configuration requires a username and password before gaining access to the page. Medusa returns the first entry in the password list (which is invalid) and then exits. Any help would be greatly appreciated.

Command Executed:
medusa -h 10.11.1.223 -P 1575-john.txt -u admin -M http -m DIR:phpmyadmin

Debug:
Medusa v2.2 [http://www.foofus.net] (C) JoMo-Kun / Foofus Networks [email protected]

DEBUG [B6ABAAC0]: Successfully loaded login information.
DEBUG AUDIT [B6ABAAC0]: adding new server (0) to queue
DEBUG AUDIT [B6ABAAC0]: waiting for server pool to end
DEBUG SERVER [B6A0BB40]: Server ID: 0 Host: 10.11.1.223 iUserPassCnt: 71181 iLoginCnt: 1
DEBUG SERVER [B6A0BB40]: Set IPv4 address: 10.11.1.223 (10.11.1.223)
DEBUG SERVER [B6A0BB40]: Adding new login task (0) to server queue (0)
DEBUG SERVER [B6A0BB40]: waiting for server 0 login pool to end
DEBUG [B60FFB40]: startModule iId: 0 pLogin: B6A0B1E0 modParams->argv: 1D7D400 modParams: B6A0B1C0
DEBUG [B60FFB40]: Trying module path of .
DEBUG [B60FFB40]: Attempting to load ./http.mod
DEBUG [B60FFB40]: Trying module path of /usr/lib/i386-linux-gnu/medusa/modules
DEBUG [B60FFB40]: Attempting to load /usr/lib/i386-linux-gnu/medusa/modules/http.mod
DEBUG MODULE [B60FFB40]: OMG teh http.mod module has been called!!
DEBUG MODULE [B60FFB40]: Processing complete option: DIR:phpmyadmin
DEBUG MODULE [B60FFB40]: Processing option: DIR
DEBUG MODULE [B60FFB40]: Processing option parameter: phpmyadmin
DEBUG [B60FFB40]: [getNextNormalCred] Initial credential set request for login module.
DEBUG [B60FFB40]: [getNextNormalCred] (PARALLEL_LOGINS_PASSWORD) setting user: admin
DEBUG MODULE [B60FFB40]: [http.mod] module started for host: 10.11.1.223 user: admin
DEBUG [B60FFB40]: Connected (internal)
DEBUG MODULE [B60FFB40]: [http.mod] Sending initial non-authentication request: GET /phpmyadmin HTTP/1.1[0D][0A]Host: 10.11.1.223:80[0D][0A]User-Agent: Mozilla/1.22 (compatible; MSIE 10.0; Windows 3.1)[0D][0A][0D][0A]
DEBUG [B60FFB40]: Data sent: GET /phpmyadmin HTTP/1.1[0D][0A]Host: 10.11.1.223:80[0D][0A]User-Agent: Mozilla/1.22 (compatible; MSIE 10.0; Windows 3.1)[0D][0A][0D][0A]
DEBUG [B60FFB40]: Regural expession: "HTTP/1.* .*[0D][0A]"
DEBUG [B60FFB40]: Data receive: Data waiting.
DEBUG [B60FFB40]: Data received (764): HTTP/1.1 301 Moved Permanently[0D][0A]Date: Thu, 26 Apr 2018 10:11:56 GMT[0D][0A]Server: Apache/2.2.14 (Win32) DAV/2 mod_ssl/2.2.14 OpenSSL/0.9.8l mod_autoindex_color PHP/5.3.1 mod_apreq2-20090110/2.7.1 mod_perl/2.0.4 Perl/v5.10.1[0D][0A]Location: http://10.11.1.223/phpmyadmin/[0D][0A]Content-Length: 434[0D][0A]Content-Type: text/html; charset=iso-8859-1[0D][0A][0D][0A][0A][0A]<title>301 Moved Permanently</title>[0A][0A]Moved Permanently[0A]The document has moved here.[0A][0A]Apache/2.2.14 (Win32) DAV/2 mod_ssl/2.2.14 OpenSSL/0.9.8l mod_autoindex_color PHP/5.3.1 mod_apreq2-20090110/2.7.1 mod_perl/2.0.4 Perl/v5.10.1 Server at 10.11.1.223 Port 80[0A][0A]
DEBUG [B60FFB40]: Formatted data received (size 764): HTTP/1.1 301 Moved Permanently[0D][0A]Date: Thu, 26 Apr 2018 10:11:56 GMT[0D][0A]Server: Apache/2.2.14 (Win32) DAV/2 mod_ssl/2.2.14 OpenSSL/0.9.8l mod_autoindex_color PHP/5.3.1 mod_apreq2-20090110/2.7.1 mod_perl/2.0.4 Perl/v5.10.1[0D][0A]Location: http://10.11.1.223/phpmyadmin/[0D][0A]Content-Length: 434[0D][0A]Content-Type: text/html; charset=iso-8859-1[0D][0A][0D][0A][0A][0A]<title>301 Moved Permanently</title>[0A][0A]Moved Permanently[0A]The document has moved here.[0A][0A]Apache/2.2.14 (Win32) DAV/2 mod_ssl/2.2.14 OpenSSL/0.9.8l mod_autoindex_color PHP/5.3.1 mod_apreq2-20090110/2.7.1 mod_perl/2.0.4 Perl/v5.10.1 Server at 10.11.1.223 Port 80[0A][0A]
DEBUG [B60FFB40]: Successfully matched regex.
DEBUG MODULE [B60FFB40]: [http.mod] Parsing authentication header: HTTP/1.1 301 Moved Permanently[0D][0A]Date: Thu, 26 Apr 2018 10:11:56 GMT[0D][0A]Server: Apache/2.2.14 (Win32) DAV/2 mod_ssl/2.2.14 OpenSSL/0.9.8l mod_autoindex_color PHP/5.3.1 mod_apreq2-20090110/2.7.1 mod_perl/2.0.4 Perl/v5.10.1[0D][0A]Location: http://10.11.1.223/phpmyadmin/[0D][0A]Content-Length: 434[0D][0A]Content-Type: text/html; charset=iso-8859-1[0D][0A][0D][0A][0A][0A]<title>301 Moved Permanently</title>[0A][0A]Moved Permanently[0A]The document has moved here.[0A][0A]Apache/2.2.14 (Win32) DAV/2 mod_ssl/2.2.14 OpenSSL/0.9.8l mod_autoindex_color PHP/5.3.1 mod_apreq2-20090110/2.7.1 mod_perl/2.0.4 Perl/v5.10.1 Server at 10.11.1.223 Port 80[0A][0A]
DEBUG MODULE [B60FFB40]: [http.mod] No authentication header located.
DEBUG [B60FFB40]: Disconnect successful
DEBUG [B60FFB40]: Connected (internal)
DEBUG MODULE [B60FFB40]: [http.mod] No authentication required.
ACCOUNT CHECK: [http] Host: 10.11.1.223 (1 of 1, 0 complete) User: admin (1 of 1, 0 complete) Password: 123456 (1 of 71181 complete)
ACCOUNT FOUND: [http] Host: 10.11.1.223 User: admin Password: 123456 [SUCCESS]
INFO: Login Module: 0 - Current user password list is complete, selecting next user.
INFO: Login Module: 0 - Current user password list is complete, rescanning userlist for unfinished credentials.
INFO: Login Module: 0 - Current user password list is complete, selecting next user.
INFO: Login Module: 0 - No more user accounts available for testing.
INFO: Login Module: 0 - No more users/passwords available in the normal queue.
DEBUG [B60FFB40]: Retrieving the next available credential set from list of previously missed sets.
INFO: Login Module: 0 - No additional missed users/passwords, setting credential status to CREDENTIAL_DONE.
DEBUG MODULE [B60FFB40]: [http.mod] No more available credential sets to test.
DEBUG [B60FFB40]: Disconnect successful
DEBUG SERVER [B6A0BB40]: destroying server 0 login pool
DEBUG SERVER [B6A0BB40]: exiting server: 0
DEBUG AUDIT [B6ABAAC0]: destroying server pool
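
In the debug log above, the reply to the initial request is a 301 with no WWW-Authenticate header, the module logs "No authentication required", and the first password is then reported as SUCCESS. The following is an added example, not Medusa's code, of classifying that first reply so a redirect or an unprotected page is never read as a valid credential; `classify_probe`, `find_header` and the 401/200 samples are constructed for illustration.

```c
/* Added illustration, not Medusa source. Classifies the reply to the
 * initial unauthenticated request before any credential result is trusted. */
#include <ctype.h>
#include <stdio.h>
#include <string.h>

enum probe_result {
    PROBE_MALFORMED,     /* no HTTP/1.x status line, or 401 without a challenge */
    PROBE_AUTH_REQUIRED, /* 401 plus WWW-Authenticate: credentials can be tested */
    PROBE_REDIRECT,      /* 3xx: says nothing about authentication */
    PROBE_NO_AUTH,       /* 2xx: any password would appear to "work" */
    PROBE_OTHER
};

/* Case-insensitive comparison of the first n bytes (header names). */
static int ieq_n(const char *a, const char *b, size_t n)
{
    for (size_t i = 0; i < n; i++) {
        if (a[i] == '\0' ||
            tolower((unsigned char)a[i]) != tolower((unsigned char)b[i]))
            return 0;
    }
    return 1;
}

/* Look up a header in the header block only; the body is never searched. */
static int find_header(const char *resp, const char *name,
                       char *out, size_t outlen)
{
    size_t nlen = strlen(name);
    const char *line = strstr(resp, "\r\n");          /* end of status line */

    if (outlen == 0)
        return 0;
    while (line != NULL) {
        line += 2;                                     /* start of next line */
        if (line[0] == '\0' || (line[0] == '\r' && line[1] == '\n'))
            break;                                     /* end of headers */
        if (ieq_n(line, name, nlen) && line[nlen] == ':') {
            const char *v = line + nlen + 1;
            const char *end;
            size_t n;
            while (*v == ' ' || *v == '\t')
                v++;
            end = strstr(v, "\r\n");
            n = end ? (size_t)(end - v) : strlen(v);
            if (n >= outlen)
                n = outlen - 1;
            memcpy(out, v, n);
            out[n] = '\0';
            return 1;
        }
        line = strstr(line, "\r\n");
    }
    return 0;
}

static enum probe_result classify_probe(const char *resp,
                                        char *location, size_t loclen)
{
    int status = 0;
    char challenge[256];

    if (location != NULL && loclen > 0)
        location[0] = '\0';
    if (sscanf(resp, "HTTP/1.%*1[01] %3d", &status) != 1)
        return PROBE_MALFORMED;
    if (status == 401)
        return find_header(resp, "WWW-Authenticate", challenge, sizeof challenge)
                   ? PROBE_AUTH_REQUIRED : PROBE_MALFORMED;
    if (status >= 300 && status < 400) {
        if (location != NULL && loclen > 0)
            find_header(resp, "Location", location, loclen);
        return PROBE_REDIRECT;
    }
    if (status >= 200 && status < 300)
        return PROBE_NO_AUTH;
    return PROBE_OTHER;
}

/* Constructed sample: status line and Location value as in the log above. */
static const char SAMPLE_301[] =
    "HTTP/1.1 301 Moved Permanently\r\n"
    "Location: http://10.11.1.223/phpmyadmin/\r\n"
    "Content-Length: 434\r\n\r\n"
    "<title>301 Moved Permanently</title>";
/* Constructed samples: a Basic challenge and an unprotected page. */
static const char SAMPLE_401[] =
    "HTTP/1.1 401 Authorization Required\r\n"
    "www-authenticate: Basic realm=\"constructed\"\r\n\r\n";
static const char SAMPLE_200[] =
    "HTTP/1.1 200 OK\r\n"
    "Content-Type: text/html\r\n\r\n"
    "WWW-Authenticate: decoy text in the body";

int main(void)
{
    char loc[128];
    printf("301 -> %d, Location: ", classify_probe(SAMPLE_301, loc, sizeof loc));
    printf("%s\n", loc);
    printf("401 -> %d\n", classify_probe(SAMPLE_401, loc, sizeof loc));
    printf("200 -> %d\n", classify_probe(SAMPLE_200, loc, sizeof loc));
    return 0;
}
```

Only `PROBE_AUTH_REQUIRED` means the endpoint actually challenges for credentials; with `PROBE_REDIRECT` or `PROBE_NO_AUTH`, a reported SUCCESS says nothing about the password.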

medusa fails on mssql module with Windows authentication mode

I am trying to use Medusa to brute-force MSSQL logins (disclaimer: authorized). Before running larger user and password lists, I am trying to verify accurate function against the SQL Server with a known username and password. Using the mssql module, I cannot get this to work correctly, although I know for a fact (both by connecting successfully and cracking successfully with other tools) these credentials work.

I believe the issue may be related to Windows authentication, which is the default for MSSQL and also the configuration setting of the server, meaning that my username requires a domain in addition to the password to successfully connect. I have tried all of the following forms of command to no avail (actual username, password, host, and port redacted).

medusa -h 10.10.10.51 -n 7777 -M mssql -u "DOMAIN\myusername" -p mypassword -v 6 -w 5
medusa -h 10.10.10.51 -n 7777 -M mssql -u DOMAIN\myusername -p mypassword -v 6 -w 5
medusa -h 10.10.10.51 -n 7777 -M mssql -u DOMAIN\\myusername -p mypassword -v 6 -w 5
medusa -h 10.10.10.51 -n 7777 -M mssql -u myusername@DOMAIN -p mypassword -v 6 -w 5
medusa -h 10.10.10.51 -n 7777 -M mssql -u myusername -p mypassword -v 6 -w 5

All of these commands result in the same similar output as below:

└─$ medusa -h 10.10.10.51 -n 7777 -M mssql -u "DOMAIN\myusername" -p mypassword -v 6 -w 5
Medusa v2.2 [http://www.foofus.net] (C) JoMo-Kun / Foofus Networks <[email protected]>

GENERAL: Parallel Hosts: 1 Parallel Logins: 1
GENERAL: Total Hosts: 1 
GENERAL: Total Users: 1
GENERAL: Total Passwords: 1
ACCOUNT CHECK: [mssql] Host: 10.10.10.51 (1 of 1, 0 complete) User: DOMAIN\myusername (1 of 1, 0 complete) Password: mypassword (1 of 1 complete)
GENERAL: Medusa has finished.

Below is my configuration information:

  • OS:
└─$ cat /etc/os-release                                       
PRETTY_NAME="Kali GNU/Linux Rolling"
NAME="Kali GNU/Linux"
ID=kali
VERSION="2021.4"
VERSION_ID="2021.4"
VERSION_CODENAME="kali-rolling"
ID_LIKE=Debbie
  • Medusa version:
Medusa v2.2 [http://www.foofus.net] (C) JoMo-Kun / Foofus Networks <[email protected]>
  • MS SQL SERVER:
Microsoft SQL Server 2014, 12.0.6433.1 (X64)

MSSQL supports three authentication modes:

  • Windows authentication only (default)
  • SQL Server authentication only
  • Mixed-mode authentication

I have not seen where in the documentation there is any discussion of what MSSQL authentication modes Medusa supports. If someone could give me a hand and let me know what Medusa supports / doesn't and how to get this working (if possible), it would be greatly appreciated -- thanks!

Feature request: guess rate limiting

I think it would be great to have a rate limiting feature in Medusa so we can set a pause time between guesses.
For my clients, I like to start with very slow password guessing, and slowly increase speed until they find the cutoff point where they get alerted on brute force attacks.

Wrong Password

Ran fine the other day; found the password about 1/3 of the way through the list. Tried a few more tests today with new targets and it always has success, and always with the first password in the list. It is never the correct password. So I ran the successful attack from the other day and it returned the same non-valid password, also the first in the list. Thoughts?

medusa -h 10.10.10.111 -u jblow -P pass.txt -M http
Medusa v2.2 [http://www.foofus.net] (C) JoMo-Kun / Foofus Networks [email protected]

ACCOUNT CHECK: [http] Host: 10.10.10.111 (1 of 1, 0 complete) User: jblow (1 of 1, 0 complete) Password: and (1 of 35 complete)
ACCOUNT FOUND: [http] Host: 10.10.10.111 User: jblow Password: tree [SUCCESS]

[Telnet Module] False Positive

Hi, I have been testing it against a bunch of HP printers with telnet services enabled. The telnet module appears to have a bug which returns "success" for any password when two-character usernames are supplied.

I have got the following results which I was not able to verify:


# cat telnet-success.txt 
[+] ACCOUNT FOUND: [telnet] Host: xxx User: [E2][80][93] Password: 0 [SUCCESS]
[+] ACCOUNT FOUND: [telnet] Host: xxx User: [E2][80][93] Password: 0 [SUCCESS]
[+] ACCOUNT FOUND: [telnet] Host: xxx User: [E2][80][93] Password: 0P3N [SUCCESS]
[+] ACCOUNT FOUND: [telnet] Host: xxx User: [E2][80][93] Password: 0P3N [SUCCESS]
....

Running Medusa directly from a Kali box.


# medusa -h xxx -u E2 -p anything -M telnet
Medusa v2.2 [http://www.foofus.net] (C) JoMo-Kun / Foofus Networks <[email protected]>

ACCOUNT CHECK: [telnet] Host: xxx (1 of 1, 0 complete) User: E2 (1 of 1, 0 complete) Password: anything (1 of 1 complete)
ACCOUNT FOUND: [telnet] Host: xxx User: E2 Password: anything [SUCCESS]


After digging a bit, E2 80 93 are the hex characters in UTF-8 encoding for the dash "-".

Add Cygwin support

$ autoconf
$ ./configure
checking build system type... ./config.guess: unable to guess system type

This script, last modified 2005-03-24, has failed to recognize
the operating system you are using. It is advised that you
download the most up to date version of the config scripts from

http://savannah.gnu.org/cgi-bin/viewcvs/*checkout*/config/config/config.guess
and
http://savannah.gnu.org/cgi-bin/viewcvs/*checkout*/config/config/config.sub

If the version you run (./config.guess) is already up to date, please
send the following data and any information you think might be
pertinent to [email protected] in order to provide the needed
information to handle your system.

config.guess timestamp = 2005-03-24

uname -m = x86_64
uname -r = 2.8.0(0.309/5/3)
uname -s = CYGWIN_NT-6.1
uname -v = 2017-04-01 20:47

/usr/bin/uname -p = unknown
/bin/uname -X =

hostinfo =
/bin/universe =
/usr/bin/arch -k =
/bin/arch = x86_64
/usr/bin/oslevel =
/usr/convex/getsysinfo =

UNAME_MACHINE = x86_64
UNAME_RELEASE = 2.8.0(0.309/5/3)
UNAME_SYSTEM = CYGWIN_NT-6.1
UNAME_VERSION = 2017-04-01 20:47
configure: error: cannot guess build type; you must specify one

When I do (it's x64 Cygwin):
$ ./configure --build=i686-pc-linux-gnu
(lots of stuff)
$ make
CDPATH="${ZSH_VERSION+.}:" && cd . && /bin/sh /prg/tmp/medusa/missing aclocal-1.15
cd . && /bin/sh /prg/tmp/medusa/missing automake-1.15 --gnu
Unescaped left brace in regex is deprecated, passed through in regex; marked by <-- HERE in m/${ <-- HERE ([^ \t=:+{}]+)}/ at /usr/bin/automake-1.15 line 3936.
CDPATH="${ZSH_VERSION+.}:" && cd . && /bin/sh /prg/tmp/medusa/missing autoconf
/bin/sh ./config.status --recheck
running CONFIG_SHELL=/bin/sh /bin/sh ./configure --build=i686-pc-linux-gnu --target=i686-pc-linux-gnu build_alias=i686-pc-linux-gnu target_alias=i686-pc-linux-gnu --no-create --no-recursion
[...]
gcc -g -O2 -fPIC -L/usr/local/lib -L/usr//lib -rdynamic -o cvs.mod.exe cvs.o ../medusa-trace.o -lsvn_client-1 -shared -lcrypto -ldl -lpthread -lssl -lcrypto -lssl -lcrypto -ldl -lrt -lm
cvs.o: In function `tryLogin':
/prg/tmp/medusa/src/modsrc/cvs.c:325: undefined reference to `medusaSend'
/prg/tmp/medusa/src/modsrc/cvs.c:325:(.text+0x4b0): relocation truncated to fit: R_X86_64_PC32 against undefined symbol `medusaSend'
/prg/tmp/medusa/src/modsrc/cvs.c:332: undefined reference to `medusaReceiveRaw'
/prg/tmp/medusa/src/modsrc/cvs.c:332:(.text+0x4cd): relocation truncated to fit: R_X86_64_PC32 against undefined symbol `medusaReceiveRaw'
/prg/tmp/medusa/src/modsrc/cvs.c:361: undefined reference to `setPassResult'
/prg/tmp/medusa/src/modsrc/cvs.c:361:(.text+0x521): relocation truncated to fit: R_X86_64_PC32 against undefined symbol `setPassResult'
cvs.o: In function `initModule':

Keep up the great work.

Thread parallelize bug

I use the command medusa -H target.txt -U user.txt -P smallpass.txt -T 1 -t 3 -M ssh to test some hosts. The file target.txt is a file that contains 2 IPs; the file user.txt contains 5 usernames; the file smallpass.txt contains 13 passwords.

I didn't add the -L parameter, because I don't want each thread to test a username in parallel. I want all the threads to process an entire username before proceeding, one by one.
IMG_20220203_171835
But, in this instance, after the first username root had been completely tested, the threads changed to be parallel, although I didn't add the -L parameter.

Is this a default setting or a bug? Please help me, thank you very much.

Cannot auto finish

99 hosts; the options are -T 50 -c 2 -g 1 -R 1 -f

The debug log is:

DEBUG [C83D9700]: Retrieving the next available credential set from list of previously missed sets.
INFO: Login Module: 0 - No additional missed users/passwords, setting credential status to CREDENTIAL_DONE.
DEBUG MODULE [C83D9700]: [ssh.mod] No more available credential sets to test.
DEBUG [C83D9700]: Disconnect successful
DEBUG SERVER [D19E8700]: destroying server 94 login pool
DEBUG SERVER [D19E8700]: exiting server: 94

Maybe an SSH handshake problem.

So, can an option for socket timeout be added?

segmentation fault using web-form module

I get a segmentation fault when trying to use the web-form module

medusa -h 127.0.0.1 -u foo -p bar -M web-form -m FORM:"/mutillidae/index.php?page=login.php" -m FORM-DATA:"post?username=&password=&login-php-submit-button=Login"

libssh2.so not properly detected on non-amd64 architectures

The configure script does not properly detect the presence of libssh2.so on non-amd64 architectures. It only checks a fixed list of paths... instead it should check all the directories that the linker is using.

I have found a way to extract that list of directories with the following code snippet:
ld --verbose | grep SEARCH_DIR | sed -e 's/\"); */\n/g' | cut -d= -f2

I have a working patch here:
http://git.kali.org/gitweb/?p=packages/medusa.git;a=blob_plain;f=debian/patches/fix-libssl2-configure-check.patch;hb=refs/heads/kali/master

This bug was first reported to Kali here: https://bugs.kali.org/view.php?id=3126

Add support for SMBv2

Hi,

Are there any plans to add support for SMBv2/3 password attacks? The recent announcement by Shadow Brokers regarding an SMBv1 RCE exploit means that people are starting to disable SMBv1.

Currently I get "ERROR: SMB Protocol Negotiation Failed with host: 10.139.108.49" when a host has SMBv1 turned off.

Thanks!

An improper locking bug (e.g., deadlock) on the lock psLogin->psServer->psAudit->ptmMutex

Hi, developers, thank you for your checking. It seems the lock psLogin->psServer->psAudit->ptmMutex is not released correctly when libssh2_init(0)== 1 in the function initModule?

medusa/src/modsrc/ssh.c

Lines 211 to 220 in bdaa2dd

    pthread_mutex_lock(&psLogin->psServer->psAudit->ptmMutex);
    if (libssh2_init(0))
    {
      writeError(ERR_ERROR, "%s: Failed initiating SSH library: Host: %s User: %s Pass: %s", MODULE_NAME, psLogin->psServer->pHostIP, psCredSet->psUser->pUser, psCredSet->pPass);
      psLogin->iResult = LOGIN_RESULT_UNKNOWN;
      return FAILURE;
    }
    pthread_mutex_unlock(&psLogin->psServer->psAudit->ptmMutex);
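
The early return reported above, reproduced in miniature as an added example (not code from the Medusa project): one function keeps the quoted control flow, the other releases the mutex before taking the error branch, and a second thread probes whether the lock is still held. `audit_mutex`, `fake_lib_init`, `init_leaky`, `init_fixed` and `lock_is_stuck` are hypothetical names; `fake_lib_init` stands in for `libssh2_init` so the failure path can be forced.

```c
/* Added illustration, not Medusa source. fake_lib_init() is a hypothetical
 * stand-in for libssh2_init() so the failure branch can be forced. */
#include <errno.h>
#include <pthread.h>
#include <stdio.h>

#define SUCCESS 0
#define FAILURE (-1)

/* Plays the role of psAudit->ptmMutex, shared by every login thread. */
static pthread_mutex_t audit_mutex = PTHREAD_MUTEX_INITIALIZER;

/* Returns non-zero on failure, like the library initialiser in the snippet. */
static int fake_lib_init(int force_failure)
{
    return force_failure ? 1 : 0;
}

/* Same control flow as the quoted lines: the error branch returns while
 * the mutex is still locked. */
static int init_leaky(int force_failure)
{
    pthread_mutex_lock(&audit_mutex);
    if (fake_lib_init(force_failure)) {
        return FAILURE;                 /* lock is never released */
    }
    pthread_mutex_unlock(&audit_mutex);
    return SUCCESS;
}

/* Corrected form: keep the critical section to the call that needs it and
 * unlock before branching, so every return path leaves the mutex free. */
static int init_fixed(int force_failure)
{
    int rc;

    pthread_mutex_lock(&audit_mutex);
    rc = fake_lib_init(force_failure);
    pthread_mutex_unlock(&audit_mutex);

    if (rc) {
        return FAILURE;                 /* error handling happens unlocked */
    }
    return SUCCESS;
}

/* Runs in a second thread, the way another login thread would reach the
 * same mutex. trylock is used so the probe reports instead of hanging. */
static void *probe(void *out)
{
    int rc = pthread_mutex_trylock(&audit_mutex);

    if (rc == 0)
        pthread_mutex_unlock(&audit_mutex);
    *(int *)out = (rc == EBUSY);
    return NULL;
}

/* 1 if another thread cannot take the mutex, 0 if it can, -1 on error. */
static int lock_is_stuck(void)
{
    pthread_t t;
    int stuck = 0;

    if (pthread_create(&t, NULL, probe, &stuck) != 0)
        return -1;
    pthread_join(t, NULL);
    return stuck;
}

int main(void)
{
    init_leaky(1);
    printf("after leaky failure, lock stuck: %d\n", lock_is_stuck());
    pthread_mutex_unlock(&audit_mutex); /* reset: this thread still owns it */

    init_fixed(1);
    printf("after fixed failure, lock stuck: %d\n", lock_is_stuck());
    return 0;
}
```

With a blocking `pthread_mutex_lock` in place of the probe, the second thread would wait forever after the leaky failure, which is the deadlock the report describes.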

ERROR: Failed to match regex pattern within server's response

Did a test last week and posted the issue on Brutespray’s GitHub repo x90skysn3k/brutespray#47

Seems this may be a Medusa issue so here once more:

I ran /brutespray.py -f test.xml -U /Users/jasper/medusa/sample/usernames.txt -P /Users/jasper/medusa/sample/1000000-password-seclists.txt --threads 5 --hosts 5 and received an error telling that the regular expression pattern cannot be matched to the server's response:

ERROR: Failed to match regex pattern within server's response.
ERROR: Failed to match regex pattern within server's response.
ERROR: Failed to match regex pattern within server's response.
ERROR: No supported authentication methods located.
ERROR: No supported authentication methods located.
ERROR: No supported authentication methods located.
ERROR: No supported authentication methods located.
ERROR: No supported authentication methods located.
2020-11-03 12:04:03 ACCOUNT CHECK: [ssh] Host: xxx.xxx.xxx.xx (1 of 1, 0 complete) User: Aaren (1 of 362904, 0 complete) Password: 123456789 (1 of 1000000 complete)
2020-11-03 12:04:03 ACCOUNT CHECK: [ssh] Host: xxx.xxx.xxx.xx (1 of 1, 0 complete) User: Aaren (1 of 362904, 0 complete) Password: password (2 of 1000000 complete)
2020-11-03 12:04:03 ACCOUNT CHECK: [ssh] Host: xxx.xxx.xxx.xx (1 of 1, 0 complete) User: Aaren (1 of 362904, 0 complete) Password: qwerty (3 of 1000000 complete)
2020-11-03 12:04:03 ACCOUNT CHECK: [ssh] Host: xxx.xxx.xxx.xx (1 of 1, 0 complete) User: Aaren (1 of 362904, 0 complete) Password: 123456 (4 of 1000000 complete)
2020-11-03 12:04:03 ACCOUNT CHECK: [ssh] Host: xxx.xxx.xxx.xx (1 of 1, 0 complete) User: Aaren (1 of 362904, 0 complete) Password: 12345678 (5 of 1000000 complete)
ERROR: Failed to match regex pattern within server's response.
ERROR: Failed to match regex pattern within server's response.

This happened even though I ran the nmap command nmap -v -sV -oA test staging.domain.com before and stored the data. Any ideas why this is happening? Could it be because the domain root hits a 302 redirecting to a login?

macOS Issue Module not Found

Cannot run the built version of Medusa on macOS. Followed the instructions just fine and even moved the binary to

➜  medusa git:(master) ✗ cd /usr/local/bin/
➜  bin ll |grep medusa
-rwxr-xr-x  1 root    admin    98K Nov  2 10:47 medusa

but now on running a basic test using

➜  medusa git:(master) ✗ medusa -M smbnt -q

I get the module could not be loaded error:

Medusa v2.2 [http://www.foofus.net] (C) JoMo-Kun / Foofus Networks <[email protected]>

IMPORTANT: Couldn't load "smbnt" [dlopen(/usr/local/lib/medusa/modules/smbnt.mod, 2): image not found]. Place the module in the medusa directory, set the MEDUSA_MODULE_NAME environment variable or run the configure script again using --with-default-mod-path=[path].
CRITICAL: invokeModule failed - see previous errors for an explanation

Couldn't load "rdp"

Having an issue trying to use the rdp module.

command example: medusa -M rdp -m DOMAIN:USER -h TARGET -u lockout -P '/root/Desktop/changemewordlist'

Couldn't load "rdp" [/usr/lib/x86_64-linux-gnu/medusa/modules/rdp.mod: cannot open shared object file: No such file or directory]. Place the module in the medusa directory, set the MEDUSA_MODULE_NAME environment variable or run the configure script again using --with-default-mod-path=[path].
invokeModule failed - see previous errors for an explanation

I am using Kali Linux.

buffer overflow

....
ACCOUNT CHECK: [mssql] Host: **** (1 of 1, 0 complete) User: sa (1 of 1, 0 complete) Password: aaabne (1019 of 229422226 complete)
ACCOUNT CHECK: [mssql] Host: **** (1 of 1, 0 complete) User: sa (1 of 1, 0 complete) Password: aaabnf (1020 of 229422226 complete)
*** buffer overflow detected ***: medusa terminated
======= Backtrace: =========
/lib/x86_64-linux-gnu/libc.so.6(+0x78c4e)[0x7f813d22fc4e]
/lib/x86_64-linux-gnu/libc.so.6(__fortify_fail+0x5c)[0x7f813d2cfe8c]
/lib/x86_64-linux-gnu/libc.so.6(+0x116e80)[0x7f813d2cde80]
/lib/x86_64-linux-gnu/libc.so.6(+0x118dd7)[0x7f813d2cfdd7]
medusa(medusaConnectInternal+0x47a)[0x4093da]
medusa(medusaConnect+0x43)[0x409ac3]
/usr/lib/medusa/modules/mssql.mod(connectMSSQL+0xcf)[0x7f80ce1244ef]
/usr/lib/medusa/modules/mssql.mod(initModule+0x115)[0x7f80ce125255]
/usr/lib/medusa/modules/mssql.mod(go+0x41)[0x7f80ce125431]
medusa(startModule+0x3d)[0x40638d]
medusa[0x408725]
/lib/x86_64-linux-gnu/libpthread.so.0(+0x76aa)[0x7f813dcf86aa]
/lib/x86_64-linux-gnu/libc.so.6(clone+0x6d)[0x7f813d2bdeed]
======= Memory map: ========
^C^C^C^C

pop3.mod will fail after the test accounts surpass 2400

command line arguments:
medusa -h ip -O pw.txt -M pop3 -L -c 100 -p '123qwe!@#' -U mail.txt

ACCOUNT CHECK: [pop3] Host: ip (1 of 1, 0 complete) User: username (2400 of 7xxx, 2399 complete) Password: 123qwe!@# (1 of 1 complete)
ERROR: [pop3.mod] Failed: Unexpected or no data received: (null)

0x0002000C:UNKNOWN_ERROR_CODE

Hello.
This problem occurs for me when cracking the VPS. It is also a list with any password list, and the rest of the passwords are not checked.

Telnet service for Mikrotik Router OS

Hello,

I'm always getting the error "failed to identify logon prompt" when I try to bruteforce telnet service running on mikrotik router OS.

Thanks in advance

freerdp 1.2 not detected properly + incompatible (freerdp module not working)

Hey,

I have noticed that the RDP plugin does not work properly with an up-to-date freerdp. The configure detection seems to fail and HAVE_LIBFREERDP12 will not be defined, and it therefore tries to use freerdp_channels_global_init:

IMPORTANT: Couldn't load "rdp" [/usr/lib/medusa/modules/rdp.mod: undefined symbol: freerdp_channels_global_init].

The configure script fails to find WLog_CallbackAppender_SetCallbacks, as that function does not exist in freerdp 1.2.0-beta1+android9 and also not in the current git HEAD.

configure: checking for FreeRDP library version 1.2...
checking for library containing WLog_CallbackAppender_SetCallbacks... no
configure: checking for FreeRDP library version 1.1 (with pass-the-hash)...
checking for library containing nego_set_restricted_admin_mode_required... none required
configure:  *** Detected FreeRDP library version 1.1 (with pass-the-hash). *** 

But as mentioned, it's not just the detection of 1.2: the API also changed, and there is no WLog_CallbackAppender_SetCallbacks function anymore in the current freerdp git HEAD (nor in the last tag, 1.2.0-beta1+android9).

It would be great if the freerdp module worked with the current git HEAD, I would highly appreciate that 😄
cheers,
anthraxx

Error in `./medusa': double free or corruption

*** Error in `./medusa': double free or corruption (out): 0x00007fd760a191e0 ***
======= Backtrace: =========
/lib64/libc.so.6(+0x7d1fd)[0x7fd771e701fd]
/lib64/libfreerdp-channels.so.1.0(freerdp_channels_free+0x10)[0x7fd76eb01ed0]
/lib64/libfreerdp-channels.so.1.0(freerdp_channels_global_uninit+0x18)[0x7fd76eb01f78]
/usr/local/lib/medusa/modules/rdp.mod(initModule+0xb5)[0x7fd76f39ad15]
/usr/local/lib/medusa/modules/rdp.mod(go+0x1e8)[0x7fd76f39b158]
./medusa(startModule+0x3d)[0x40620d]
./medusa[0x4084e5]
/lib64/libpthread.so.0(+0x7df5)[0x7fd772932df5]
/lib64/libc.so.6(clone+0x6d)[0x7fd771ee91ad]
Aborted

fish: “medusa -h localhost -u admin -P…” terminated by signal SIGSEGV (Address boundary error)

medusa -h localhost -u admin -P ~/Documents/Tool/Wordlist/words-english.txt -M web-form -m FORM:"pwn/medusa-crack.php" -m DENY-SIGNAL:"Access Denied" -m FORM-DATA:"post?u=&p=&Login=Login"

My password is : parry.
But it stopped at

ACCOUNT CHECK: [web-form] Host: localhost (1 of 1, 0 complete) User: admin (1 of 1, 0 complete) Password: parrot (19228 of 29156 complete)
ACCOUNT CHECK: [web-form] Host: localhost (1 of 1, 0 complete) User: admin (1 of 1, 0 complete) Password: parrotlike (19229 of 29156 complete)
fish: “medusa -h localhost -u admin -P…” terminated by signal SIGSEGV (Address boundary error)

If I do it in bash, it gives me this:

ACCOUNT CHECK: [web-form] Host: localhost (1 of 1, 0 complete) User: admin (1 of 1, 0 complete) Password: parrotlike (19229 of 29156 complete)
Segmentation fault (core dumped)

I recompiled it a second time, but the result is the same.

Although I could know the password according to this damn fault, this is a bug.
#14

multiple errors

I typed in the following command for brute forcing my G-mail account and I encountered 3 errors.

INPUT

medusa -h smtp.gmail.com -u [email protected] -P psswd.txt -M smtp

OUTPUT

Medusa v2.2 [http://www.foofus.net] (C) JoMo-Kun / Foofus Networks [email protected]

ERROR: Hostname resolved to multiple addresses. Selecting first address for testing.
ERROR: Failed to match regex pattern within server's response.
ERROR: [smtp.mod] Unknown SMTP server response: 535-5.7.8 Username and Password not accepted. Learn more at[0D][0A]535 5.7.8 https://support.google.com/mail/?p=BadCredentials b11sm4292415pfr.38 - gsmtp[0D][0A]
ACCOUNT CHECK: [smtp] Host: smtp.gmail.com (1 of 1, 0 complete) User: [email protected] (1 of 1, 0 complete) Password: 123456 (1 of 10001 complete)

SSH support?

What happened to ssh support? It's still in the documentation...

Won't parse -P list charset past the first line - systematic wrong success

Even though I don't specify -f :

/usr/local/bin/medusa -c 2000 -t1 -u admin -h 192.168.0.12 -P ./brute perso -M http 
Medusa v2.3_devel [http://www.foofus.net] (C) JoMo-Kun / Foofus Networks <[email protected]>

2023-05-12 22:33:23 ACCOUNT CHECK: [http] Host: 192.168.0.12 (1 of 1, 0 complete) User: admin (1 of 1, 0 complete) Password: e (1 of 5399042 complete)
2023-05-12 22:33:23 ACCOUNT FOUND: [http] Host: 192.168.0.12 User: admin Password: e [SUCCESS]

Same with deliberately wrong user name (admi instead of admin) :

/usr/local/bin/medusa -c 2000 -t1 -u admi -h 192.168.0.12 -P ./brute perso -M http 
Medusa v2.3_devel [http://www.foofus.net] (C) JoMo-Kun / Foofus Networks <[email protected]>

2023-05-12 22:33:23 ACCOUNT CHECK: [http] Host: 192.168.0.12 (1 of 1, 0 complete) User: admi (1 of 1, 0 complete) Password: e (1 of 5399042 complete)
2023-05-12 22:33:23 ACCOUNT FOUND: [http] Host: 192.168.0.12 User: admi Password: e [SUCCESS]

Log+Verbose:

/usr/local/bin/medusa -c 2000 -t1 -u admi -h 192.168.0.12 -P ./brute perso -M http  -b -v6 -w7
DEBUG [86F39000]: Successfully loaded login information.
GENERAL: Parallel Hosts: 1 Parallel Logins: 1
GENERAL: Total Hosts: 1 
GENERAL: Total Users: 1
GENERAL: Total Passwords: 5399042
DEBUG [7FFFF640]: startModule iId: 0 pLogin: 84B69C20 modParams->argv: 332732A0 modParams: 84B69C00
DEBUG [7FFFF640]: Trying module path of .
DEBUG [7FFFF640]: Attempting to load ./http.mod
DEBUG [7FFFF640]: Trying module path of /usr/local/lib/medusa/modules
DEBUG [7FFFF640]: Attempting to load /usr/local/lib/medusa/modules/http.mod
DEBUG [7FFFF640]: [getNextNormalCred] Initial credential set request for login module.
DEBUG [7FFFF640]: [getNextNormalCred] (PARALLEL_LOGINS_PASSWORD) setting user: admi
DEBUG [7FFFF640]: Connected (internal)
DEBUG [7FFFF640]: Data sent: GET / HTTP/1.1[0D][0A]Host: 192.168.0.12:80[0D][0A]User-Agent: Mozilla/1.22 (compatible; MSIE 10.0; Windows 3.1)[0D][0A][0D][0A]
DEBUG [7FFFF640]: Regular expession: "HTTP/1.* .*[0D][0A]"
DEBUG [7FFFF640]: Data receive: Data waiting.
DEBUG [7FFFF640]: Data received (17): HTTP/1.0 200 OK[0D][0A]
DEBUG [7FFFF640]: Formatted data received (size 17): HTTP/1.0 200 OK[0D][0A]
DEBUG [7FFFF640]: Successfully matched regex.
DEBUG [7FFFF640]: Disconnect successful
DEBUG [7FFFF640]: Connected (internal)
2023-05-12 22:57:14 ACCOUNT CHECK: [http] Host: 192.168.0.12 (1 of 1, 0 complete) User: admi (1 of 1, 0 complete) Password: e (1 of 5399042 complete)
2023-05-12 22:57:14 ACCOUNT FOUND: [http] Host: 192.168.0.12 User: admi Password: e [SUCCESS]
INFO: Login Module: 0 - Current user password list is complete, selecting next user.
INFO: Login Module: 0 - Current user password list is complete, rescanning userlist for unfinished credentials.
INFO: Login Module: 0 - Current user password list is complete, selecting next user.
INFO: Login Module: 0 - No more user accounts available for testing.
INFO: Login Module: 0 - No more users/passwords available in the normal queue.
DEBUG [7FFFF640]: Retrieving the next available credential set from list of previously missed sets.
INFO: Login Module: 0 - No additional missed users/passwords, setting credential status to CREDENTIAL_DONE.
DEBUG [7FFFF640]: Disconnect successful
GENERAL: Medusa has finished.

medusa segfault on kali

I noticed medusa wasn't working. I opened Wireshark and saw no traffic being generated. I checked dmesg and noticed a segfault any time I ran it. I have Kali at the latest version running on VMware Workstation 15 Pro with VMware Tools installed.

[ 35.682869] systemd-xdg-autostart-generator[945]: Not generating service for XDG autostart app-pulseaudio-autostart.service, startup phases are not supported.
[ 219.081850] perf: interrupt took too long (2542 > 2500), lowering kernel.perf_event_max_sample_rate to 78500
[ 256.638144] perf: interrupt took too long (3216 > 3177), lowering kernel.perf_event_max_sample_rate to 62000
[ 264.027123] perf: interrupt took too long (4055 > 4020), lowering kernel.perf_event_max_sample_rate to 49250
[ 272.919344] perf: interrupt took too long (5107 > 5068), lowering kernel.perf_event_max_sample_rate to 39000
[ 282.759954] perf: interrupt took too long (6469 > 6383), lowering kernel.perf_event_max_sample_rate to 30750
[ 303.015633] perf: interrupt took too long (9103 > 8086), lowering kernel.perf_event_max_sample_rate to 21750
[ 334.980926] perf: interrupt took too long (11420 > 11378), lowering kernel.perf_event_max_sample_rate to 17500
[ 362.300176] medusa[1867]: segfault at 20 ip 00007f79c5420760 sp 00007ffdb0d27978 error 4 in libpthread-2.31.so[7f79c541c000+10000]
[ 362.300183] Code: ff ff 48 8d 0d 31 c0 00 00 ba a7 01 00 00 48 8d 35 af be 00 00 48 8d 3d de bd 00 00 e8 69 ba ff ff 66 0f 1f 84 00 00 00 00 00 <8b> 47 10 89 c2 81 e2 7f 01 00 00 83 e0 7c 0f 85 7c 00 00 00 53 48
[ 688.304614] perf: interrupt took too long (14287 > 14275), lowering kernel.perf_event_max_sample_rate to 13750
root@pwner:~#

root@pwner:~# valgrind -v medusa -v 6 -u admin -P /usr/share/wordlists/rockyou.txt -h 192.168.2.1 -M ssh
==2146== Memcheck, a memory error detector
==2146== Copyright (C) 2002-2017, and GNU GPL'd, by Julian Seward et al.
==2146== Using Valgrind-3.16.1-36d6727e1d-20200622X and LibVEX; rerun with -h for copyright info
==2146== Command: medusa -v 6 -u admin -P /usr/share/wordlists/rockyou.txt -h 192.168.2.1 -M ssh
==2146==
--2146-- Valgrind options:
--2146-- -v
--2146-- Contents of /proc/version:
--2146-- Linux version 5.7.0-kali3-amd64 ([email protected]) (gcc version 9.3.0 (Debian 9.3.0-15), GNU ld (GNU Binutils for Debian) 2.35) #1 SMP Debian 5.7.17-1kali1 (2020-08-26)
--2146--
--2146-- Arch and hwcaps: AMD64, LittleEndian, amd64-cx16-lzcnt-rdtscp-sse3-ssse3-avx-avx2-bmi-f16c-rdrand
--2146-- Page sizes: currently 4096, max supported 4096
--2146-- Valgrind library directory: /usr/lib/x86_64-linux-gnu/valgrind
Medusa v2.2 [http://www.foofus.net] (C) JoMo-Kun / Foofus Networks [email protected]


^CALERT: Medusa received SIGINT - Sending notification to login threads that we are are aborting.
==2146== Invalid read of size 4
==2146== at 0x487A760: pthread_mutex_lock (pthread_mutex_lock.c:67)
==2146== by 0x11134C: thr_pool_wait (in /usr/bin/medusa)
==2146== by 0x10D7D9: sigint_handler (in /usr/bin/medusa)
==2146== by 0x488313F: ??? (in /usr/lib/x86_64-linux-gnu/libpthread-2.31.so)
==2146== by 0x5133E4B: read (read.c:26)
==2146== by 0x50C6859: _IO_file_underflow@@GLIBC_2.2.5 (fileops.c:517)
==2146== by 0x50C7AC1: _IO_default_uflow (genops.c:362)
==2146== by 0x50BAA1B: _IO_getline_info (iogetline.c:60)
==2146== by 0x50B9A15: fgets (iofgets.c:53)
==2146== by 0x10EC13: loadFile (in /usr/bin/medusa)
==2146== by 0x10CCD0: main (in /usr/bin/medusa)
==2146== Address 0x20 is not stack'd, malloc'd or (recently) free'd
==2146==
==2146==
==2146== Process terminating with default action of signal 11 (SIGSEGV)
==2146== Access not within mapped region at address 0x20
==2146== at 0x487A760: pthread_mutex_lock (pthread_mutex_lock.c:67)
==2146== by 0x11134C: thr_pool_wait (in /usr/bin/medusa)
==2146== by 0x10D7D9: sigint_handler (in /usr/bin/medusa)
==2146== by 0x488313F: ??? (in /usr/lib/x86_64-linux-gnu/libpthread-2.31.so)
==2146== by 0x5133E4B: read (read.c:26)
==2146== by 0x50C6859: _IO_file_underflow@@GLIBC_2.2.5 (fileops.c:517)
==2146== by 0x50C7AC1: _IO_default_uflow (genops.c:362)
==2146== by 0x50BAA1B: _IO_getline_info (iogetline.c:60)
==2146== by 0x50B9A15: fgets (iofgets.c:53)
==2146== by 0x10EC13: loadFile (in /usr/bin/medusa)
==2146== by 0x10CCD0: main (in /usr/bin/medusa)
==2146== If you believe this happened as a result of a stack
==2146== overflow in your program's main thread (unlikely but
==2146== possible), you can try to increase the size of the
==2146== main thread stack using the --main-stacksize= flag.
==2146== The main thread stack size used in this run was 8388608.
==2146==
==2146== HEAP SUMMARY:
==2146== in use at exit: 94,049 bytes in 702 blocks
==2146== total heap usage: 1,302 allocs, 600 frees, 108,775 bytes allocated
==2146==
==2146== Searching for pointers to 702 not-freed blocks
==2146== Checked 373,736 bytes
==2146==
==2146== LEAK SUMMARY:
==2146== definitely lost: 0 bytes in 0 blocks
==2146== indirectly lost: 0 bytes in 0 blocks
==2146== possibly lost: 0 bytes in 0 blocks
==2146== still reachable: 94,049 bytes in 702 blocks
==2146== suppressed: 0 bytes in 0 blocks
==2146== Rerun with --leak-check=full to see details of leaked memory
==2146==
==2146== ERROR SUMMARY: 1 errors from 1 contexts (suppressed: 0 from 0)
==2146==
==2146== 1 errors in context 1 of 1:
==2146== Invalid read of size 4
==2146== at 0x487A760: pthread_mutex_lock (pthread_mutex_lock.c:67)
==2146== by 0x11134C: thr_pool_wait (in /usr/bin/medusa)
==2146== by 0x10D7D9: sigint_handler (in /usr/bin/medusa)
==2146== by 0x488313F: ??? (in /usr/lib/x86_64-linux-gnu/libpthread-2.31.so)
==2146== by 0x5133E4B: read (read.c:26)
==2146== by 0x50C6859: _IO_file_underflow@@GLIBC_2.2.5 (fileops.c:517)
==2146== by 0x50C7AC1: _IO_default_uflow (genops.c:362)
==2146== by 0x50BAA1B: _IO_getline_info (iogetline.c:60)
==2146== by 0x50B9A15: fgets (iofgets.c:53)
==2146== by 0x10EC13: loadFile (in /usr/bin/medusa)
==2146== by 0x10CCD0: main (in /usr/bin/medusa)
==2146== Address 0x20 is not stack'd, malloc'd or (recently) free'd
==2146==
==2146== ERROR SUMMARY: 1
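
The valgrind trace in the report above shows sigint_handler reaching thr_pool_wait and pthread_mutex_lock while main is still inside loadFile, with the read faulting at address 0x20. The C program below is an added example, not Medusa's code and not part of the original report: the pool layout, the function names and the four-word list are assumptions made for illustration. It shows a handler that only sets a flag, together with a NULL-checked pool wait, so that an interrupt during loading cannot touch a pool that has not been created yet.

```c
/* Added illustration: SIGINT arriving while the wordlist is still being
 * loaded, before the worker pool exists. Every name and the struct layout
 * are hypothetical; only the addresses quoted in comments come from the page. */
#include <pthread.h>
#include <signal.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Hypothetical pool: the mutex sits 0x10 bytes into the struct. */
typedef struct {
    uint64_t queue_head;
    uint64_t queue_tail;
    pthread_mutex_t lock;
    pthread_cond_t idle;
    int active;                 /* workers still running */
} pool_t;

typedef struct { int loaded; int aborted; int wait_rc; } result_t;

static pool_t *g_pool = NULL;              /* stays NULL until loading is done */
static volatile sig_atomic_t g_abort = 0;  /* the only state the handler touches */

/* Address an unchecked handler would read if it locked g_pool->lock while
 * g_pool is NULL: the field offset plus the 0x10 displacement of the faulting
 * load (bytes "8b 47 10" in the dmesg Code line, i.e. a 4-byte read at
 * mutex + 0x10). */
size_t null_pool_fault_address(void)
{
    return offsetof(pool_t, lock) + 0x10;
}

/* Hardened handler: async-signal-safe, no locks, no pool access. */
static void on_sigint(int sig)
{
    (void)sig;
    g_abort = 1;
}

/* Wait for workers to drain; refuses to touch a pool that was never built. */
int pool_wait_checked(pool_t *p)
{
    if (p == NULL)
        return -1;
    pthread_mutex_lock(&p->lock);
    while (p->active > 0)
        pthread_cond_wait(&p->idle, &p->lock);
    pthread_mutex_unlock(&p->lock);
    return 0;
}

/* Stand-in for the loading phase. interrupt_at simulates the user pressing
 * Ctrl-C just before that line is read (-1 means no interrupt). */
static int load_wordlist(const char *const *lines, int n, int interrupt_at)
{
    int loaded = 0;
    for (int i = 0; i < n && !g_abort; i++) {
        if (i == interrupt_at) {
            raise(SIGINT);      /* handler runs before raise() returns */
            if (g_abort)
                break;          /* abort is handled here, in normal context */
        }
        if (lines[i][0] != '\0')
            loaded++;
    }
    return loaded;
}

result_t run_demo(int interrupt_at)
{
    /* Constructed sample wordlist. */
    static const char *const words[] = { "alpha", "bravo", "charlie", "delta" };
    static pool_t pool = { 0, 0, PTHREAD_MUTEX_INITIALIZER,
                           PTHREAD_COND_INITIALIZER, 0 };
    result_t r;

    g_abort = 0;
    g_pool = NULL;
    signal(SIGINT, on_sigint);  /* ISO C; production code would use sigaction */

    r.loaded = load_wordlist(words, 4, interrupt_at);
    r.aborted = g_abort;
    if (!r.aborted)
        g_pool = &pool;         /* the pool only exists after loading finishes */
    r.wait_rc = pool_wait_checked(g_pool);

    signal(SIGINT, SIG_DFL);
    return r;
}

int main(void)
{
    result_t early = run_demo(2);
    result_t clean = run_demo(-1);
    printf("unchecked handler would read address 0x%zx\n",
           null_pool_fault_address());
    printf("interrupted: loaded=%d aborted=%d wait_rc=%d\n",
           early.loaded, early.aborted, early.wait_rc);
    printf("completed:   loaded=%d aborted=%d wait_rc=%d\n",
           clean.loaded, clean.aborted, clean.wait_rc);
    return 0;
}
```

With the hypothetical layout, the computed address matches the 0x20 reported by both dmesg and valgrind, which is what a NULL pool pointer with a mutex at offset 0x10 would produce.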

WINDOWS-COMPILING-PROBLEM

hello
I am an amateur hacker and I know how to hack devices with ssh and telnet and some basic stuff, and I cannot carry my vbox with me. I am working on a complete toolkit for Windows users which they can carry around and hack from a Windows machine, so I wanted to ask if you could compile the latest version and put it in the releases. PLEASE, IT WILL BE VERY HELPFUL.

thank you
morpheuslord

Don't know what module to use and get error!

I get an error

jay@JNET ~/Documents/Scripts/Medusa $ medusa -H target_ips.txt -U usernames.txt -P passwords.txt -M [ smbnt | http ]

http: error: ValueError: Invalid IPv6 URL
jay@JNET ~/Documents/Scripts/Medusa $ medusa -H target_ips.txt -U usernames.txt -P passwords.txt -M [ smbnt ]
Medusa v2.2_rc3 [http://www.foofus.net] (C) JoMo-Kun / Foofus Networks [email protected]

IMPORTANT: Couldn't load "[" [/usr/lib/medusa/modules/[.mod: cannot open shared object file: No such file or directory]. Place the module in the medusa directory, set the MEDUSA_MODULE_NAME environment variable or run the configure script again using --with-default-mod-path=[path].
invokeModule failed - see previous errors for an explanation
jay@JNET ~/Documents/Scripts/Medusa $ medusa -H target_ips.txt -U usernames.txt -P passwords.txt -M [ http ]
Medusa v2.2_rc3 [http://www.foofus.net] (C) JoMo-Kun / Foofus Networks [email protected]

IMPORTANT: Couldn't load "[" [/usr/lib/medusa/modules/[.mod: cannot open shared object file: No such file or directory]. Place the module in the medusa directory, set the MEDUSA_MODULE_NAME environment variable or run the configure script again using --with-default-mod-path=[path].
invokeModule failed - see previous errors for an explanation

What's the module I need for RTSP / port 554?

Compiling error with OpenSSL 1.1.0

Medusa does not compile with OpenSSL 1.1.0 (see https://bugs.debian.org/828433).

In particular:

wrapper.o -MD -MP -MF $depbase.Tpo -c -o wrapper.o wrapper.c &&\
mv -f $depbase.Tpo $depbase.Po
depbase=`echo ../medusa-trace.o | sed 's|[^/]*$|.deps/&|;s|\.o$||'`;\
x86_64-linux-gnu-gcc -DHAVE_CONFIG_H -I. -I../..  -I../../src  -Wdate-time -D_FORTIFY_SOURCE=2 -g -DDEBUG -fPIC -I/usr/include -I/usr/local/include -I/usr/include/postgresql -I/usr/include/pgsql -I/usr/include/afpfs-ng -I/usr//include  -I/usr/include/apr-1.0   -DLINUX -D_REENTRANT -D_GNU_SOURCE  -g -O2 -fstack-protector-strong -Wformat -Werror=format-security -MT ../medusa-trace.o -MD -MP -MF $depbase.Tpo -c -o ../medusa-trace.o ../medusa-trace.c &&\
mv -f $depbase.Tpo $depbase.Po
vnc.c: In function 'sendAuthMSLogin':
vnc.c:815:12: error: dereferencing pointer to incomplete type 'DH {aka struct dh_st}'
   dh_struct->g = BN_new();
            ^
Makefile:815: recipe for target 'vnc.o' failed
make[4]: *** [vnc.o] Error 1
make[4]: *** Waiting for unfinished jobs....
make[4]: Leaving directory '/<<PKGBUILDDIR>>/src/modsrc'
Makefile:433: recipe for target 'all-recursive' failed
make[3]: *** [all-recursive] Error 1
make[3]: Leaving directory '/<<PKGBUILDDIR>>/src'
Makefile:438: recipe for target 'all-recursive' failed
make[2]: *** [all-recursive] Error 1
make[2]: Leaving directory '/<<PKGBUILDDIR>>'
Makefile:335: recipe for target 'all' failed
make[1]: *** [all] Error 2
make[1]: Leaving directory '/<<PKGBUILDDIR>>'
debian/rules:27: recipe for target 'build-stamp' failed
make: *** [build-stamp] Error 2
dpkg-buildpackage: error: debian/rules build-arch gave error exit status 2

macOS 10.13.3 build 2.2 error

git clone https://github.com/jmk-foofus/medusa.git
cd medusa.git && git checkout 2.2
brew instal freerdp

./configure --enable-module-rdp=no --enable-module-ssh=yes --enable-module-svn=yes

make

/Applications/Xcode.app/Contents/Developer/usr/bin/make all-recursive
Making all in src
Making all in modsrc
depbase=echo cvs.o | sed 's|[^/]*$|.deps/&|;s|\.o$||';
gcc -DHAVE_CONFIG_H -I. -I../.. -I../../src -g -DDEBUG -fPIC -I/usr/include -I/usr/local/include -I/usr/include/postgresql -I/usr/include/pgsql -I/usr/include/afpfs-ng -I/usr/local/opt/openssl/include -g -O2 -Wno-deprecated-declarations -MT cvs.o -MD -MP -MF $depbase.Tpo -c -o cvs.o cvs.c &&
mv -f $depbase.Tpo $depbase.Po
depbase=echo ../medusa-trace.o | sed 's|[^/]*$|.deps/&|;s|\.o$||';
gcc -DHAVE_CONFIG_H -I. -I../.. -I../../src -g -DDEBUG -fPIC -I/usr/include -I/usr/local/include -I/usr/include/postgresql -I/usr/include/pgsql -I/usr/include/afpfs-ng -I/usr/local/opt/openssl/include -g -O2 -Wno-deprecated-declarations -MT ../medusa-trace.o -MD -MP -MF $depbase.Tpo -c -o ../medusa-trace.o ../medusa-trace.c &&
mv -f $depbase.Tpo $depbase.Po
gcc -g -O2 -Wno-deprecated-declarations -fPIC -L/usr/local/lib -L/usr/local/opt/openssl/lib -L/usr/local/lib/freerdp -o cvs.mod cvs.o ../medusa-trace.o -lfreerdp -lwinpr -lfreerdp-client -laudin-client -ldisp-client -lecho-client -lrdpei-client -lrdpgfx-client -ltsmf-client -lcliprdr-client -ldrdynvc-client -lencomsp-client -lrail-client -lrdpdr-client -lrdpsnd-client -lremdesk-client -ldrive-client -lparallel-client -lserial-client -lsmartcard-client -bundle -flat_namespace -undefined suppress -lcrypto -ldl -lpthread -lssl -lcrypto -ldl -framework CoreFoundation
ld: library not found for -lfreerdp
clang: error: linker command failed with exit code 1 (use -v to see invocation)
make[3]: *** [cvs.mod] Error 1
make[2]: *** [all-recursive] Error 1
make[1]: *** [all-recursive] Error 1
make: *** [all] Error 2
