Open kyo9999 opened 7 years ago
A few things:
medusa -d
? You should get a list of available modules and their path. Is rlogin.mod listed?it have rlogin.mod, and i remove sudo to exec, i get the same problem in virtual box kali linux medusa
root@k:~# medusa -d Medusa v2.2 http://www.foofus.net JoMo-Kun / Foofus Networks jmk@foofus.net
Available modules in "." :
Available modules in "/usr/lib/medusa/modules" :
i can not get more info root@k:~# medusa -u msfadmin -P '/password.lst.txt' -h 192.168.1.100 -M rlogin -v 6 Medusa v2.2 http://www.foofus.net JoMo-Kun / Foofus Networks jmk@foofus.net
GENERAL: Parallel Hosts: 1 Parallel Logins: 1 GENERAL: Total Hosts: 1 GENERAL: Total Users: 1 GENERAL: Total Passwords: 3545 ERROR: rlogin.mod failed: medusaReceive returned no data. CRITICAL: Unknown rlogin.mod module state -1 GENERAL: Medusa has finished.
Try with a -v 99 and -w 99
i can use rlogin to login remote ip, but medusa show follow
root@k:~# medusa -u msfadmin -P '/password.lst.txt' -h 192.168.1.100 -M rlogin -v 99 -w 99 Medusa v2.2 http://www.foofus.net JoMo-Kun / Foofus Networks jmk@foofus.net
DEBUG [CF13A700]: Ignoring blank line in file: /password.lst.txt. Resetting total count: 3545. DEBUG [CF13A700]: Successfully loaded login information. GENERAL: Parallel Hosts: 1 Parallel Logins: 1 GENERAL: Total Hosts: 1 GENERAL: Total Users: 1 GENERAL: Total Passwords: 3545 DEBUG AUDIT [CF13A700]: adding new server (0) to queue DEBUG AUDIT [CF13A700]: waiting for server pool to end DEBUG SERVER [CC165700]: Server ID: 0 Host: 192.168.1.100 iUserPassCnt: 3545 iLoginCnt: 1 DEBUG SERVER [CC165700]: Set IPv4 address: 192.168.1.100 (192.168.1.100) DEBUG SERVER [CC165700]: Adding new login task (0) to server queue (0) DEBUG SERVER [CC165700]: waiting for server 0 login pool to end DEBUG [CB964700]: startModule iId: 0 pLogin: CC164D00 modParams->argv: 1CEE110 modParams: CC164CD0 DEBUG [CB964700]: Trying module path of . DEBUG [CB964700]: Attempting to load ./rlogin.mod DEBUG [CB964700]: Trying module path of /usr/lib/medusa/modules DEBUG [CB964700]: Attempting to load /usr/lib/medusa/modules/rlogin.mod DEBUG MODULE [CB964700]: OMG teh rlogin.mod module has been called!! DEBUG [CB964700]: [getNextNormalCred] Initial credential set request for login module. DEBUG [CB964700]: getNextNormalCred setting user: msfadmin DEBUG MODULE [CB964700]: [rlogin.mod] module started for host: 192.168.1.100 user: msfadmin DEBUG [CB964700]: Connected (internal) DEBUG MODULE [CB964700]: Connected DEBUG [CB964700]: Data sent: msfadmin msfadmin xterm DEBUG [CB964700]: Data receive: Data waiting. DEBUG [CB964700]: Data received (1): [01] DEBUG [CB964700]: Data received (0): DEBUG [CB964700]: Data receive: No additional data. DEBUG [CB964700]: Formatted data received (size 1): [01] DEBUG [CB964700]: Data receive: Data waiting. DEBUG [CB964700]: Data received (0): DEBUG [CB964700]: Data receive: Socket indicated data present, but none found. ERROR: rlogin.mod failed: medusaReceive returned no data. CRITICAL: Unknown rlogin.mod module state -1 DEBUG [CB964700]: Disconnect successful DEBUG SERVER [CC165700]: destroying server 0 login pool DEBUG SERVER [CC165700]: Server thread exiting and server's userlist testing was marked as in progress. Was this host prematurely aborted? DEBUG SERVER [CC165700]: exiting server: 0 DEBUG AUDIT [CF13A700]: destroying server pool GENERAL: Medusa has finished.
Are you sure that it is indeed rlogin (513/tcp) running on the target host? What is the target host (e.g., OS, device type, etc)? It may be helpful to do a packet capture to see what the remote host is actually sending back, if anything.
root@kyo:~# rlogin -l msfadmin 192.168.254.128 i can remote login
linux 2.6.24-16-server
This is Metasploitable2 (Linux)
Metasploitable is an intentionally vulnerable Linux virtual machine. This VM can be used to conduct security training, test security tools, and practice common penetration testing techniques.
https://sourceforge.net/projects/metasploitable/ This is Metasploitable2 (Linux) download here
vanhauser-thc commented 7 minutes ago kinda like I thought.
you can login via rlogin without a password. the password prompt you see comes from your client program, but the server never asks for one.
thats why hydra report that every password is correct.
root@k:~# sudo medusa -u msfadmin -P '/password.lst.txt' -h 192.168.1.100 -M rlogin Medusa v2.2 http://www.foofus.net JoMo-Kun / Foofus Networks jmk@foofus.net
ERROR: rlogin.mod failed: medusaReceive returned no data. CRITICAL: Unknown rlogin.mod module state -1
can you help me how to do next, thank you?