File: ChangeLog

package info (click to toggle)
medusa 2.1.1-1
  • links: PTS
  • area: main
  • in suites: jessie, jessie-kfreebsd
  • size: 2,100 kB
  • ctags: 1,645
  • sloc: ansic: 18,157; sh: 8,548; makefile: 204; perl: 110
file content (363 lines) | stat: -rw-r--r-- 11,842 bytes parent folder | download
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
================================================================
Version 2.1.1
================================================================

Minor release updates:
  - GCC 4.7 compile issue ("-module" removed)
  - SMBNT: fix infinite loop issue when testing against OS X
  - SNMP: remove socket flushing that caused us to miss passwords
  - IMAP: less restrictive regex to better match OK responses
  - POP3: restart connection after each attempt to deal with shunning

================================================================
Version 2.1
================================================================

Medusa Core Updates:

  - Combo format now accepts "host:user:lm hash:ntlm hash"
  - Autoconf updates and fixes
  - Removed PCRE library dependency (using stock glibc regex support)

Module Updates:

  - Numerous bug-fixes across modules (e.g., SSH2 thread-safety)
  - Support for UltraVNC MS-Logon (local/domain Windows credentials)

Additional Updates:
  - Third-party GUI released: 
    http://wiki.taksmind.org/index.php?title=Medusa-gui

================================================================
Version 2.0
================================================================

Medusa Core Updates:
  -Pool-based thread handling

  Previous version destroyed threads following the completion of a host
  or user test. The use of a thread pool should decrease the overall
  application overhead by limiting the frequency of thread destruction
  and creation. The original code ran into issues in several specific
  situations (e.g. testing over a thousand users with only a single 
  password). Such cases resulted in a large number of threads being
  created and destroyed in short order, frequently resulting in an
  application crash. The thread pool should eliminate this particular
  problem.

  -Modules now request next credential set (username + password)

  Modules previously called getNextPass(), which returned a valid password
  until the password list for the user being tested was exhausted. At that
  point, the module exited and the login thread was destroyed. A new thread
  and module instance would be created for the next user to test. We now
  use getNextCredetialSet(), which returns a valid user and password. This
  allows the module to get the next user to test and decide whether the
  connection needs to be completely torn down or not.

  -Secondary user credential queue added for missed login tests.

  In certain situations we need to scale back the number of concurrent
  login threads targetting a specific service. For example, MSDE's workload
  governor limits the service to no more than 5 concurrent connections. If
  the user kicked-off 10 parallel login threads, 5 of those are going to
  fail and terminate. The challenge is that each of those threads was 
  already assigned a credential set to test.

  The previous version simply printed the username and password combinations
  which were not tested and moved on. We now push these missed credentials
  into a host specific queue. Once the login threads have finished their
  normal checks, they move on to this queue and retry the previously missed
  credentials. In some cases, say it's the last thread that pushed something
  into the queue before exiting, we kick-off a clean-up thread to walk through
  any remaining items.

  -Host and User-level Resume

  Support for host and user-level resuming of a scan. When Medusa receives a 
  SIGINT, it will calculate and display a "resume map". This map can then be
  supplied to the next run. For example, "medusa [OPTIONS PREVIOUSLY USED] 
  -Z h6u1u2h8.". This map describes which hosts were completed and which 
  systems had not been touched. If a host was partially completed, it 
  describes which users had been tested for that specific system. It should 
  be noted that password-level resuming is not supported. If a user's 
  password list was only partially completed, testing of the user will be 
  restarted on resume.

Module Updates:
  FTP
    -Misc. fixes

  IMAP
    -Domain module option for BASIC/NTLM authentication types
    -Allow auth type to be specified
    -Misc. fixes (NTLM base64 length, restart HTTP connection after each request) 

  IMAP
    -Domain module option for LOGIN/NTLM authentication types
    -Regex-based server response matching for better handling of slow targets
    -Misc. fixes (handle dropped connections, force TLSv1, base64 length)

  MSSQL
    -Auto SQL port identification via "SQL Ping" technique
 
  NCP
    -Misc. fixes (connection retry code)
 
  POP3
    -Domain module option for NTLM authentication type
    -Regex-based server response matching for better handling of slow targets
    -Misc. fixes (base64 length)
    
  SMTP
    -Regex-based server response matching for better handling of slow targets

  SMTP-VRFY
    -Misc. fixes (don't include "@" if no domain specified)

  SSH
    -Detect and warn if being built on Debian/Ubuntu system (broken libssh2)

  VMAUTHD
    -Regex-based server response matching for better handling of slow targets

  Web-Form
    -Misc. fixes

  WRAPPER
    -Misc. fixes (fix handling of short usernames/passwords)

================================================================
Version 1.5
================================================================

Medusa Core Updates:
  -Provides additional information about current account check (e.g. 172.22.110.58 (60 of 104, 51 complete))
  -Support for simple resume by host. 
  -Bug fix for "-e" option
  -Bug fix for displaying hostname vs. IP
  -Added function for printing a specified length of binary data in hex

Module Updates:
  AFP
  -Added new module for Apple Filing Protocol from pmonkey

  HTTP
  -NTLM auth bug fix
  -Digest authentication support (MD5 and MD5-sess)

  IMAP
  -STARTTLS extension support
  -NTLM support

  MYSQL
  -Misc. bug fixes

  POP3
  -STARTTLS extension support
  -Better handling of connections dropped by remote server
  -Support user-supplied domain names
  -LOGIN, PLAIN, and NTLM support

  SMBNT
  -Created framework for different authentication levels (e.g. LM, NTLM, etc).
  -Support for basic LM authentication to allow for case insensitive bruting
  -NTLMv2/LMv2 support (Vista bruting)
  -Fix for guest user check
  -Support for "DOMAIN\USER" and "DOMAIN\\USER" style names

  SMTP
  -Renamed SMTP-AUTH to SMTP
  -NTLM support

  SMTP-VRFY
  -Misc. bug fixes

  SSH
  -Honor number of user specified retries
  -Restart connection when server fails to respond with auth modes after several attempts

  TELNET
  -Basic AS/400 Telnet / TN5250 support
  -Log hosts supplying only a password prompt (non-AAA)

  VMAUTHD
  -Misc. bug fixes

  WEB-FORM
  -Misc. bug fixes for user-supplied FORM-DATA value

Misc. Updates:
  -Added ZSH Functions file
  -Updated Medusa ebuild version and added new module dependencies.

================================================================
Version 1.4
================================================================

Medusa Core Updates:
  -Major re-working of the autoconf setup. Modules can now be enabled/disabled 
   individually. Also, modules for which the base dependencies are not 
   satisfied are simply not built. In the past they were compiled, but left in 
   a non-functional state. The default is to build all "stable" modules.
  -APR version detection
  -Misc bug fix in networking code
  -SSL socket rework. Fixes issue with concurrent mixed SSL and non-SSL 
   connections (FTPS).

Module Updates:
  FTP
  -Added support for explicit and implicit SFTP
  -Better handling of FTP banners

  HTTP
  -Now leaves user specified value intact within Host: header
  -Minor code cleanup

  IMAP
  -LOGIN AUTH support
  -Added TAG module parameter 
  -No longer restarts connection after each attempt

  NNTP
  -Added module with AUTHINFO support

  POP3
  -No longer restarts connection after each attempt

  MySQL
  -Misc bug fixes / error handling
  -Added MySQL pre-4.1 pass-the-hash support

  NCP
  -Misc bug fixes
  
  SMBNT
  -Misc bug fixes
  
  SMTP-AUTH
  -AUTH PLAIN support
  -AUTH LOGIN (e.g. Exchange) support

  SSH
  -Handles new libssh2 error messages
  -Libssh2 (0.18) should no longer cause Medusa to hang on SSHv1 hosts or when
   the target refuses to send its banner. 
  -Added banner parameter verification (Luciano Bello)

  VNC
  -Misc bug fixes

  WEB-FORM
  -Added new module from Luciano Bello

  WRAPPER
  -Better handling of failed attempts within oracle.pl script

================================================================
Version 1.3
================================================================

Medusa Core Updates:
  -Module listing fix for OpenBSD/AMD64
  -Autoconf tweaks for NCP & SVN checks
  -Autoconf tweaks for Solaris/OpenBSD
  -Removed unnecessary IP address checks
  -Other minor bug fixes

================================================================
Version 1.2
================================================================

Moved following modules to stable:
  NCP, VNC, PostgreSQL, SVN, CVS, VmAuthd, SNMP

Medusa Core Updates:
  -Compile on x86_64, Mac OS X.
  -Minor bug fixes.
  -Modified license with OpenSSL GPL exemption.

Module Updates:
  SMBNT
  -Added AS/400 target support.
  -Global "-e" option now works with module "PASS:HASH".

  FTP
  -Modified response parsing code to support AS/400 brute-forcing.

  REXEC
  -Modified response parsing code.

  Wrapper
  -Added oracle script.
  -Added SMB NULL session script.

================================================================
Version 1.1
================================================================

Added following modules (unstable): 
  CVS, NCP, PostgreSQL, SMTP/VRFY, SNMP, SVN, VmAuthd, VNC

Moved following modules to stable:
  PcAnywhere, FTP, IMAP, RSH, REXEC, RLOGIN, and generic wrapper

Medusa Core Updates:
  -Display module list sorted alphabetically
  -Compiles on OpenBSD
  -Added delayed receive functions which allow the modules to specify the timeout
   for both the initial socket read and the second "is any more data there?" check.
  -Modified SSL connect function. The function now takes an already existing socket 
   and switches it over to SSL. This is needed for modules like VMAUTHD.
  -Major rework of network receive function. Original code was copied from Hydra and
   seemed to have some issues.
  
Module Updates:
  HTTP
  -Added check for 301 error code (success)
  -NTLM authentication support

  IMAP
  -Minor code cleanup

  MySQL
  -Added support for testing accounts without password

  PcAnywhere
  -Added sleep to deal with servers freaking out when attempts arrive too quickly

  POP3
  -Added AS/400 mode. Examines error codes to give us better information about 
   account status.

  SMBNT
  -Added check to detect non-existent accounts when auditing an XP client

  Telnet
  -Moved receive functions to new delayed receive functions. This is slower, but
   we should actually be able to brute devices with long logon banners now.

  Wrapper
  -Added support for scripts to pass error messages back to Medusa.

Misc. Updates:
  Rdesktop
  -Added better success/failure detection
  -Added support to detect various error messages
  -Added basic W2K support
  -Added basic OS detection
  
  Ebuilds
  -Updated libssh2 ebuild based on bugs.gentoo.org feedback.
  -Updated Medusa ebuild based on bugs.gentoo.org feedback.
  -Updated Medusa version and added new module dependencies.
  -Modified ncpfs ebuild for "install-dev" option.

================================================================
Version 1.0
================================================================

Initial release
Modules (stable): HTTP, MS-SQL, SMBNT, SSHv2, Telnet, POP3 and MySQL
Modules (unstable): RSH, RLOGIN, REXEC, FTP, IMAP, PcAnywhere, and generic wrapper