Forrest logo
back to the medusa tool

medusa:tldr:18bca

medusa: Execute brute force against an FTP server using a file containing usernames and a file containing passwords.
$ medusa -M ftp -h host -U ${path-to-username_file} -P ${path-to-password_file}
try on your machine

The command "medusa -M ftp -h host -U ${path-to-username_file} -P ${path-to-password_file}" is used to perform a brute-force attack on an FTP (File Transfer Protocol) server using the Medusa tool.

Let's break down the command:

  • "medusa" refers to the name of the tool being used for the attack.
  • "-M ftp" specifies the module to be used, in this case, the FTP module.
  • "-h host" specifies the target host or IP address of the FTP server.
  • "-U ${path-to-username_file}" specifies the file that contains a list of usernames to be used during the attack. "${path-to-username_file}" is a placeholder that should be replaced with the actual path to the username file.
  • "-P ${path-to-password_file}" specifies the file that contains a list of passwords to be used during the attack. "${path-to-password_file}" is a placeholder that should be replaced with the actual path to the password file.

In summary, this command launches Medusa with the FTP module, targeting the specified FTP server. It uses a list of usernames and passwords from files to attempt to find valid login credentials through a brute-force attack. It tries combinations of usernames and passwords until it either finds a successful login or exhausts the provided lists.

This explanation was created by an AI. In most cases those are correct. But please always be careful and never run a command you are not sure if it is safe.
back to the medusa tool