Carnivore - Predator
Formerly known as THC HackSuite, Carnivore - Predator stands at the forefront of cutting-edge cybersecurity tools, redefining the landscape of penetration testing with unparalleled innovation. Designed to empower ethical hackers, security professionals, and enthusiasts alike, Carnivore - Predator is the ultimate Pentest CMS that puts you in command.
current version: 0.7.0 - PREDATOR
home > documentation > apps > How to use Medusa Black
This article explains how to effectively make use of Medusa Black.
author: Remco Kouw
created: 29-May-2024
updated: 29-May-2024

Medusa Black Introduction

In this documentation we will go through the functionality of the Medusa Black app.

Carnivore has two versions of Medusa: Medusa White and Medusa Black. Medusa Black has a lot more options compared to Medusa White, Medusa Black is designed to steal configuration files, crack passwords and create custom shells for backdoor access to forum software.

Medusa also makes use of a built-in task system where you can monitor the progress of Medusa tasks. Both Medusa versions have their own separate task managing system which works similar to Carnivore's, but lacking any dedicated configuration page.

Interface Parameters:

  • choose your product: set a product to test
  • wordlists: selects a wordlist file from the Carnivore's Wordlists folder
  • connect with profile: if you have setup a profile you can skip most of the setup
  • database user: product database user
  • database pass: product database pass
  • database host: product database host
  • database name: product database name
  • use default settings: sets the default field names for this product
  • username field: database username field for user credentials table
  • email field: database email field for user credentials table, note, Medusa Black doesn't work on software that has the email field in a different table than the credentials table
  • hash field: database hash field for user credentials table
  • table name: name of the credentials table inside the database, don't include the table prefix in this field, instead use the table prefix option
  • table prefix: it's common during installation of forum software that you can set a database prefix field for the product's tables, if there's no prefix just leave this field empty

Options:

  • offline hash cracking: cracks a single (salted) hash using a dictionary attack, wordlists can be found in the Carnivore's Wordlists folder
  • medusa shells: creates (encrypted) shells that steal the configuration files for the selected type of software
  • direct hash cracking: attacks the database user table holding (salted) hashes using a dictionary attack, wordlists can be found in the Carnivore's Wordlists folder

Supported Applications:

  • AEF 1.x
  • AVS 2.2
  • Dolphin 7.x
  • Drupal6 6.x
  • Drupal7 7.x
  • Drupal8 8.x
  • FluxBB 1.4-1.5
  • IPB 3.4.x
  • Joomla2 2.x
  • Joomla3 3.x
  • MiniBB 3.x
  • MyBB 1.6.x
  • Phorum 5.2.x
  • phpBB 3.x
  • phpFusion 7.02

Resource Settings:

  • time limit: php default
  • memory limit: 256MB

Dependencies:

N/A

Expanding Medusa Black:

How to add content to Medusa

Known Issues:

N/A

How to use Medusa White || How to use Parasite
similar content
How to use Medusa WhiteHow to use ParasiteHow to use ModGlueHow to add content to MedusaHow to create a ModGlue application
Created by Remco Kouw: 2008-2024