[guide] Compiling Medusa 2.0 [password cracker] on UBUNTU

The changes in this version of Medusa, a powerful and solid password cracker that is an alternative to Hydra, are substantial.
For those who want it, a more complete explanation:
MEDUSA:Password(http/ftp/mysql…etc) Cracker for GNU/Linux

But since the Ubuntu repositories have not been updated yet, we will have to compile Medusa 2 by hand [it's 3 commands -.-' so it won't take long :) ]


Here is the changelog:

================================================================
Version 2.0
================================================================

Medusa Core Updates:
-Pool-based thread handling

Previous version destroyed threads following the completion of a host
or user test. The use of a thread pool should decrease the overall
application overhead by limiting the frequency of thread destruction
and creation. The original code ran into issues in several specific
situations (e.g. testing over a thousand users with only a single
password). Such cases resulted in a large number of threads being
created and destroyed in short order, frequently resulting in an
application crash. The thread pool should eliminate this particular
problem.

-Modules now request next credential set (username + password)

Modules previously called getNextPass(), which returned a valid password
until the password list for the user being tested was exhausted. At that
point, the module exited and the login thread was destroyed. A new thread
and module instance would be created for the next user to test. We now
use getNextCredetialSet(), which returns a valid user and password. This
allows the module to get the next user to test and decide whether the
connection needs to be completely torn down or not.

-Secondary user credential queue added for missed login tests.

In certain situations we need to scale back the number of concurrent
login threads targeting a specific service. For example, MSDE’s workload
governor limits the service to no more than 5 concurrent connections. If
the user kicked-off 10 parallel login threads, 5 of those are going to
fail and terminate. The challenge is that each of those threads was
already assigned a credential set to test.

The previous version simply printed the username and password combinations
which were not tested and moved on. We now push these missed credentials
into a host specific queue. Once the login threads have finished their
normal checks, they move on to this queue and retry the previously missed
credentials. In some cases, say it’s the last thread that pushed something
into the queue before exiting, we kick-off a clean-up thread to walk through
any remaining items.

-Host and User-level Resume

Support for host and user-level resuming of a scan. When Medusa receives a
SIGINT, it will calculate and display a “resume map”. This map can then be
supplied to the next run. For example, “medusa [OPTIONS PREVIOUSLY USED]
-Z h6u1u2h8.”. This map describes which hosts were completed and which
systems had not been touched. If a host was partially completed, it
describes which users had been tested for that specific system. It should
be noted that password-level resuming is not supported. If a user’s
password list was only partially completed, testing of the user will be
restarted on resume.

Module Updates:
FTP
-Misc. fixes

IMAP
-Domain module option for BASIC/NTLM authentication types
-Allow auth type to be specified
-Misc. fixes (NTLM base64 length, restart HTTP connection after each request)

IMAP
-Domain module option for LOGIN/NTLM authentication types
-Regex-based server response matching for better handling of slow targets
-Misc. fixes (handle dropped connections, force TLSv1, base64 length)

MSSQL
-Auto SQL port identification via “SQL Ping” technique

NCP
-Misc. fixes (connection retry code)

POP3
-Domain module option for NTLM authentication type
-Regex-based server response matching for better handling of slow targets
-Misc. fixes (base64 length)

SMTP
-Regex-based server response matching for better handling of slow targets

SMTP-VRFY
-Misc. fixes (don’t include “@” if no domain specified)

SSH
-Detect and warn if being built on Debian/Ubuntu system (broken libssh2)

VMAUTHD
-Regex-based server response matching for better handling of slow targets

Web-Form
-Misc. fixes

WRAPPER
-Misc. fixes (fix handling of short usernames/passwords)

Now let's see how to install it on our Ubuntu.

So, let's open the terminal and download Medusa:
wget http://www.clshack.it/nopaste/medusa2.tar.gz

sudo apt-get install libssl-dev
To enable the ssh2 module:
sudo apt-get install libssh2-1-dev
Now extract the files:
tar -xzf medusa2*
Enter the folder:
cd medusa*
Compile:
./configure
make
sudo make install
Perfect, now type:
medusa -version
to check that it installed correctly.
Now, to display the options, type:
medusa -h
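
The tarball above is fetched over plain HTTP and then installed with sudo, and a commenter below reports a missing-module error after installing. As an added example (not part of the original post), these two shell helpers check the archive's SHA-256 against a digest obtained from a source you trust and confirm that the install actually placed `.mod` files in the module directory; the function names and the placeholder digest are assumptions.

```shell
#!/bin/sh
# Added example, not from the original guide: checks to run around the
# manual build steps (before extracting, and after "make install").

# verify_tarball FILE EXPECTED_SHA256
# Returns 0 only when the SHA-256 of FILE equals EXPECTED_SHA256,
# 1 on a mismatch, 2 when the file is missing or cannot be hashed.
verify_tarball() {
    local file="$1" expected="$2" actual
    [ -f "$file" ] || { echo "missing file: $file" >&2; return 2; }
    actual=$(sha256sum "$file" | awk '{print tolower($1)}')
    [ -n "$actual" ] || return 2
    # Published digests are sometimes upper-case, so normalise before comparing.
    expected=$(printf '%s' "$expected" | tr 'A-F' 'a-f')
    if [ "$actual" = "$expected" ]; then
        return 0
    fi
    echo "checksum mismatch for $file" >&2
    echo "  expected: $expected" >&2
    echo "  actual:   $actual" >&2
    return 1
}

# count_modules DIR
# Prints the number of *.mod files in DIR; returns 1 when there are none.
count_modules() {
    local dir="$1" n=0 f
    [ -d "$dir" ] || { echo 0; return 1; }
    for f in "$dir"/*.mod; do
        if [ -e "$f" ]; then
            n=$((n + 1))
        fi
    done
    echo "$n"
    [ "$n" -gt 0 ]
}

# Usage (the digest is a placeholder; the module path is the one shown in
# the error message quoted in the comments):
#   verify_tarball medusa2.tar.gz "<SHA256_FROM_TRUSTED_SOURCE>" || exit 1
#   tar -xzf medusa2* && cd medusa* && ./configure && make && sudo make install
#   count_modules /usr/local/lib/medusa/modules || echo "no modules installed" >&2
```
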

Happy cracking :D

Bye ;)


5 comments on “[guide] Compiling Medusa 2.0 [password cracker] on UBUNTU”


  1. Luigi writes:

    What's new in it?



  2. clshack writes:

    Hi Luigi ;)
    Well, there are quite a few changes; I quoted their whole changelog, that is, the changes made from v 1.5 to 2.0



  3. Luigi writes:

    Forgive me, it was in English. English and I don't get along :)



  4. Massimo writes:

    Guys, I followed the guide but when I go to launch it I get this error:

    IMPORTANT: Couldn’t load “module” [/usr/local/lib/medusa/modules/module.mod: cannot open shared object file: No such file or directory]. Place the module in the medusa directory, set the MEDUSA_MODULE_NAME environment variable or run the configure script again using –with-default-mod-path=[path].
    invokeModule failed – see previous errors for an explanation

    How come? :|



  5. clshack writes:

    Because when compiling it you have to link the modules ;)

