The MySQL module tests accounts against the MySQL service.
In addition to normal password brute force attempts, this module supports
"pass-the-hash" abilities for older MySQL (pre-4.1) hashes. The older MySQL
pre-4.1 authentication scheme is vulnerable to a pass-the-hash authentication
attack. Utilizing the old-style hashes gathered from a MySQL database, a user
can use Medusa to verify their validity on other servers. A modified MySQL
client can also be use to connect to located services directly utilizing a
valid hash.
Medusa Documentation