Results 1 to 3 of 3

Thread: Medusa only testing the first password in a list

  1. #1
    Just burned his ISO
    Join Date
    May 2010
    Texas, USA

    Default Medusa only testing the first password in a list

    Hello, all. I'm very new to backtrack and have been tinkering quite a bit for the past few days.

    Today I was trying to see if I could break into my router using a password list I knew contained my password. My problem is that medusa is only testing the first password in my list. I know the list has my password in it because I made it myself. I eventually used hydra and found the correct password, but I still would like to understand what I'm doing wrong.
    I've searched the forums, but I can't find any other posts that present a solution to this problem. I'd appreciate all the help I can get.

    These are the steps I used:

    nmap p-
    to find the open ports and services

    medusa –h –u admin –P /pentest/passwords/wordlists/plist.romans.txt –M http
    to try and find the password.

    As I stated before, this only tested the first password in the list, and said it was successful.

    After that didn't work, I used hydra to see if it was my word list or something else that I was doing wrong.
     hydra -l admin -P /pentest/passwords/wordlists/plist.romans.txt http-get /cgi-bin/index_tmp.html
    Using this command gave me the correct password in a matter of seconds.

    Can someone please help me out by either explaining what I've done wrong or pointing me in the right direction?

    Just to reiterate a couple things I've seen a lot on these kinds of posts:
    Yes, this is my router, that I own, on my network, that I'm accessing. Everything's 100% legal.
    Yes, I've googled and searched the forums quite a bit. I haven't been able to find an answer to my problem. If I missed something blatantly obvious, I'm sorry, but I did my best to not have to post.

    If you need any more info, just ask and I'll be glad to supply. Thanks for any and all help y'all are willing to give.


  2. #2
    My life is this forum Barry's Avatar
    Join Date
    Jan 2010

    Default Re: Medusa only testing the first password in a list

    nano or vi your password list to make sure the character returns aren't there. Editing password lists from windows will sometimes add them.
    Of course, if you really wanted to have some fun, go to Wal-Mart late at night and ask the greeter if they could help you find trashbags, roll of carpet, rope, quicklime, clorox and a shovel. See if they give you any strange looks. --Streaker69

  3. #3
    My life is this forum thorin's Avatar
    Join Date
    Jan 2010

    Default Re: Medusa only testing the first password in a list

    I'm gong to guess that you actually need to use the web-form module not the http module. (Or maybe you simply need to specify options for http and not just trust the defaults.)

    To list modules use:
    medusa -d
    To get help on a specific module (such as http) use:
    medusa -M <module> -q
    medusa -M http -q
    Last edited by thorin; 07-23-2012 at 01:04 PM.
    I'm a compulsive post editor, you might wanna wait until my post has been online for 5-10 mins before quoting it as it will likely change.

    I know I seem harsh in some of my replies. SORRY! But if you're doing something illegal or posting something that seems to be obvious BS I'm going to call you on it.

Similar Threads

  1. Testing Medusa
    By seag33k in forum BackTrack 5 Beginners Section
    Replies: 0
    Last Post: 01-17-2012, 10:57 PM
  2. Replies: 1
    Last Post: 03-22-2011, 03:49 PM
  3. BT4 WPA Password list?
    By phace in forum Beginners Forum
    Replies: 1
    Last Post: 06-13-2010, 07:09 PM
  4. Need WPA Password List.
    By fahad in forum OLD Newbie Area
    Replies: 15
    Last Post: 05-28-2009, 08:38 AM
  5. password list .tar.bz2
    By kidshoalin in forum OLD Newbie Area
    Replies: 4
    Last Post: 02-10-2009, 12:26 AM

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts