{"id":1256,"date":"2021-08-21T22:30:03","date_gmt":"2021-08-22T04:30:03","guid":{"rendered":"https:\/\/www.jedge.com\/wordpress\/?p=1256"},"modified":"2021-08-21T22:30:03","modified_gmt":"2021-08-22T04:30:03","slug":"compile-medusa-with-smbv2-support-kali-linux","status":"publish","type":"post","link":"https:\/\/www.jedge.com\/wordpress\/2021\/08\/compile-medusa-with-smbv2-support-kali-linux\/","title":{"rendered":"Compile Medusa with SMBv2 Support &#8211; Kali Linux"},"content":{"rendered":"<p>I&#8217;ve been doing this for way too long and I&#8217;m getting old. I&#8217;m comfortable with specific tools I&#8217;ve used for 15 years. I like using <a href=\"https:\/\/github.com\/jmk-foofus\/medusa\">Medusa<\/a> created by jmk-foofus. What if your client has their shit together and has finally removed SMBv1? Originally I went and found a Windows XP system to run my password-guessing attack against, but that system isn&#8217;t in scope anymore. I also used other tools written in PowerShell that can do a password spray, but I like how quick Medusa is. It is also one of the few tools which can tell me if a password is valid but the account will need to change that password. 
So the commands below will get Medusa compiled with SMBv2 support in Kali Linux.<\/p>\n<p>Step 1 &#8211; Install all dependencies<br \/>\n<pre><code>\nsudo apt install autoconf automake docbook-xsl doxygen findutils libkrb5-dev libtool libxml2 libxslt1.1 libunistring-dev m4 libssl-dev pkg-config libwbclient-dev gettext\n<\/code><\/pre><br \/>\nStep 2 &#8211; Download the Source Code for Medusa and additional dependencies.<br \/>\n<pre><code>\ncd ~\/\nmkdir source\ncd ~\/source\ngit clone https:\/\/github.com\/simo5\/gssntlmssp.git\ngit clone https:\/\/github.com\/sahlberg\/libsmb2.git\ngit clone --branch add-libsmb2-support https:\/\/github.com\/jmk-foofus\/medusa.git\n<\/code><\/pre><br \/>\nStep 3 &#8211; Compile and Install Downloaded Software<br \/>\n<pre><code>\ncd ~\/source\/gssntlmssp\nautoreconf -f -i\n.\/configure\nmake\nsudo make install\n\ncd ~\/source\/libsmb2\nautoreconf -f -i\n.\/configure\nmake\nsudo make install\n\ncd ~\/source\/medusa\nautoreconf -f -i\n.\/configure\nmake\nsudo make install\n<\/code><\/pre><\/p>\n<p><strong>References<\/strong><br \/>\n<a href=\"https:\/\/github.com\/jmk-foofus\/medusa\">https:\/\/github.com\/jmk-foofus\/medusa<\/a><br \/>\nRonnie Sahlberg &#8211; Authored libsmb2<br \/>\n<a href=\"https:\/\/github.com\/sahlberg\/libsmb2\">https:\/\/github.com\/sahlberg\/libsmb2<\/a><br \/>\n<a href=\"https:\/\/github.com\/simo5\/gssntlmssp.git\">https:\/\/github.com\/simo5\/gssntlmssp.git<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p>I&#8217;ve been doing this for way too long and I&#8217;m getting old. I&#8217;m comfortable with specific tools I&#8217;ve used for 15 years. I like using Medusa created by jmk-foofus. What if your client has their shit together and has finally removed SMBv1? 
Originally I went and found a Windows XP system to run my password [&hellip;]<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"_monsterinsights_skip_tracking":false,"_monsterinsights_sitenote_active":false,"_monsterinsights_sitenote_note":"","_monsterinsights_sitenote_category":0,"footnotes":""},"categories":[113,163,7],"tags":[],"class_list":["post-1256","post","type-post","status-publish","format-standard","hentry","category-compiling","category-hacking","category-scripts"],"_links":{"self":[{"href":"https:\/\/www.jedge.com\/wordpress\/wp-json\/wp\/v2\/posts\/1256","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.jedge.com\/wordpress\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.jedge.com\/wordpress\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.jedge.com\/wordpress\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/www.jedge.com\/wordpress\/wp-json\/wp\/v2\/comments?post=1256"}],"version-history":[{"count":4,"href":"https:\/\/www.jedge.com\/wordpress\/wp-json\/wp\/v2\/posts\/1256\/revisions"}],"predecessor-version":[{"id":1260,"href":"https:\/\/www.jedge.com\/wordpress\/wp-json\/wp\/v2\/posts\/1256\/revisions\/1260"}],"wp:attachment":[{"href":"https:\/\/www.jedge.com\/wordpress\/wp-json\/wp\/v2\/media?parent=1256"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.jedge.com\/wordpress\/wp-json\/wp\/v2\/categories?post=1256"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.jedge.com\/wordpress\/wp-json\/wp\/v2\/tags?post=1256"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}