Medusa ‘combo’ word lists (default usernames and passwords) for SSH and Telnet services

Cirt.net is a useful resource that contains the default credentials for various devices.

I wrote a script that crawls, parses and extracts the credentials from cirt.net and outputs them in the “combo” format required by Medusa. Medusa is a brute force tool for numerous services such as MySQL, SMB, SSH and Telnet.

Currently, only ssh and telnet related credentials are extracted from cirt.net.

You can download the “combo” word lists for ssh and telnet via the direct links below.

SSH combo list for Medusa

https://github.com/milo2012/pentest_scripts/blob/master/default_accounts_wordlist/wordList_ssh.txt

Telnet combo list for Medusa

https://github.com/milo2012/pentest_scripts/blob/master/default_accounts_wordlist/wordList_telnet.txt

Combined users.txt and passwords.txt files are also provided for use with Patator (https://code.google.com/p/patator/), another awesome brute force tool.

Sample command for medusa “combo” SSH attack.
medusa -M ssh -C wordList_ssh.txt -H port22.txt

If you would like to play around with the Python script, you can download it from the location below.

Github

https://github.com/milo2012/pentest_scripts/tree/master/default_accounts_wordlist

Patator is another awesome tool that you can use for brute forcing SSH logins

https://code.google.com/p/patator/

Sample command for patator SSH attack

patator.py ssh_login host=10.0.0.1 user=FILE0 password=FILE1 0=users.txt 1=passwords.txt -x ignore:mesg='Authentication failed.'
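
On the target side, runs like the ones above appear in the SSH server's auth log as one source failing logins across many default account names. The following is an added example, not the author's script: it parses a combo list (assuming the host:user:password layout with the host field left empty, since hosts are passed with -H) and flags such sources in OpenSSH log lines. The sample list entries, log lines and function names are constructed for illustration.

```python
import re
from collections import defaultdict

# Constructed sample in combo layout (host:user:password, host left empty).
# Illustrative entries only, not taken from the page's word lists.
COMBO_SAMPLE = """\
:admin:admin
:root:root
:cisco:cisco
:admin:
"""

# Constructed OpenSSH auth.log lines (documentation IP ranges).
LOG_SAMPLE = """\
Mar  3 10:00:01 gw sshd[811]: Failed password for invalid user admin from 203.0.113.7 port 40110 ssh2
Mar  3 10:00:02 gw sshd[811]: Failed password for root from 203.0.113.7 port 40112 ssh2
Mar  3 10:00:03 gw sshd[811]: Failed password for invalid user cisco from 203.0.113.7 port 40114 ssh2
Mar  3 10:05:40 gw sshd[902]: Failed password for alice from 198.51.100.9 port 51000 ssh2
Mar  3 10:06:10 gw sshd[903]: Accepted password for admin from 203.0.113.7 port 40120 ssh2
"""

LOGIN_RE = re.compile(
    r"sshd\[\d+\]: (Failed|Accepted) password for (?:invalid user )?(\S+) from (\S+) port \d+")

def combo_usernames(text):
    """Return the set of usernames in a combo list; passwords may contain ':'."""
    users = set()
    for line in text.splitlines():
        parts = line.split(":", 2)  # host, user, password
        if len(parts) == 3 and parts[1]:
            users.add(parts[1])
    return users

def default_account_sweeps(log_text, default_users, threshold=3):
    """Map source IP -> findings when it failed logins for at least `threshold`
    distinct default usernames; 'logged_in' lists default accounts it then accessed."""
    failed, accepted = defaultdict(set), defaultdict(set)
    for m in LOGIN_RE.finditer(log_text):
        outcome, user, src = m.groups()
        if user in default_users:
            (failed if outcome == "Failed" else accepted)[src].add(user)
    return {src: {"tried": sorted(users), "logged_in": sorted(accepted[src])}
            for src, users in failed.items() if len(users) >= threshold}

if __name__ == "__main__":
    hits = default_account_sweeps(LOG_SAMPLE, combo_usernames(COMBO_SAMPLE))
    for src, info in hits.items():
        print(src, info)
```

A non-empty logged_in list is the high-priority case: a device that still accepts a default account after a sweep against it.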

Shoutout

Special shoutout to Cirt.net for maintaining and providing the extensive database of default credentials at cirt.net/passwords
