Welcome back, my fellow hackers! first a word to my followers: sorry i have been out for awhile, but i had finals, so i had to study. the good news is, I'll be rolling out articles again! and this time, we're going to look at a very nice tool called the Common User Password Profiler (CUPP)
What Is CUPP Exactly?
CUPP is a very powerful tool that creates a wordlist specifically for a person. CUPP is cross platform and written in Python. CUPP asks you questions about the target (name, wife's name, pet's name...) and then creates a password based on the keywords you entered. but how exactly does CUPP work?
humans, no matter how much we think we are unique, show the same patterns when it comes to passwords. we usually pick passwords that are easy to remember, so we take personal things into our passwords. for example, someone could easily remember a password that contains his birthday and the name of his wife. so for example, someone who has a wife named Lucy and was born on 05/07/1978, would have password like "Lucy05071978".
CUPP uses these "algorithms" that are hardwired in humans and exploits them, to generate a very effective wordlist.
i personally find CUPP very effective and it is my personal favorite for when i need to crack a password of a specific person. i once did an experiment with 20 friends to see if their password appeared on the CUPP wordlist after i gave CUPP some info about them, and guess what: 16 of the 20 had their password guessed by CUPP! anyway, enough talk, let's get our hands dirty!
Step 1Fire Up Kali and Git CUPP
our first step is of course to fire up Kali, our beloved hacking system. once we have Kali up and running, we need to make a directory to store our CUPP files in our home directory. so enter this command:
mkdir CUPP
then navigate to that directory
cd CUPP
once inside the CUPP directory, go ahead and enter the following line into your terminal:
if git doesn't work, you probably don't have it installed. if so, enter this command:
apt-get update && apt-get install git
if everything goes alright, you should recieve an output like this:
Step 2The Configuration File
like a lot of hacking tools, CUPP also has a configuration file. let's explore and manipulate it's options.
when we use the ls command after gitting CUPP, we can see that a new folder named "cupp" is created. when we navigate in that folder we see the following items:
cupp.py cupp.cfg docs which is a directory README.md you can read this if you are bored.
let's open the configuration with leafpad
leafpad cupp.cfg
we will be greeted with the following screen:
as you can see, there are many settings, but for now, we want to focus on the "1337 mode" and special chars settings.
first, what 1337 mode does is simply go through all the passwords CUPP generated, will replace, for example, a with 4 in that password, and add the new password to the wordlist. this mode makes your wordlist larger, but it increases your chances of success BY TONS. however, we want a to be equal to @ aswell. to do that, simply add this line under "leet".
a=@
next up the special characters. these characters will also be added randomly at the end of the passwords generated by CUPP. i will not edit these, but if you want to, you can simply add a character to it. the other settings are quite self explanational.
Step 3Using CUPP
now, we'll finally start using CUPP. start CUPP in interactive mode by invoking this command:
python cupp.py -i
here you will need to enter all the info of your target. you can get this info by doxingyour target. but as an example, my "target" will be John Smith, he is an electrician, born on 05/10/1987, and goes by the nickname "Tirrian". he has a wife named Barbara, but we don't know her nickname. we know his wife is born on 14/07/1989. he also has a son named Alex, we also don't know his nickname, but we know his son was born on 19/03/2005. we also know he has a dog named Laika and he owns a company named ElectricFab. (no copyright infringement intended if this fictional company actually exists.) furthermore we know he is a huge soccer fan and supporter of Real Madrid.
John had to remember his password easily, so he made his password barbara, but replaced the a's with @'s to make it more secure, and he also added the birthday of his wife, which is 14/07, but without the dashes. so his password is:
B@rb@r@1407
take note that this password contains atleast one capital letter, is 8 characters long, has a number in it, and has a special character, which are the minimum norms for passwords on most sites.
(ALSO, take note that JOHN SMITH IS NOT A REAL PERSON! well ok, maybe there is a John Smith, but this one is completely out of my imagination and doesn't exist in real life!)
let's see if CUPP can guess it. enter John's info as followed:
as we can see, CUPP generated a dictionary of 37 thousand possible passwords of John, called John.txt. let's see if we can find his password in the text file.
Step 4Search John.txt for the Password
now, simply open john.txt
leafpad john.txt
once it is opened, click "search" and click on "find". then enter john's password.
simply don't use a password associated with you. what i personally use to make difficult passwords are "password" sentences. they are extremely difficult to crack, but really easy to remember by you.
first, take a random sentence you can remember, for example: "My girlfriend is ten times more attractive than my Religion teacher!" can be translated to "Mgi10XmatmRt!". that there, is a really good password if you ask me.
for more info on how to protect yourself, have a look at master OTW's tutorial on how to create stronger passwords. (he even explained better than me how to create a passphrase).
that's it for now, folks! i hope you all enjoyed reading the article!
if you need any help or have any questions, feel free to PM me!
-Phoenix750
Bağlantıyı al
Facebook
X
Pinterest
E-posta
Diğer Uygulamalar
Bağlantıyı al
Facebook
X
Pinterest
E-posta
Diğer Uygulamalar
Bu blogdaki popüler yayınlar
Hacking Facebook,Twitter,Instagram Account Passwords with BruteForce After a long time, I Present you, Faitagram . I was disappointed, no one replied to this Anyway enough talking, Lets get right into the tutorial. Step 1 Getting Ready By the way, Faitagram stands for Fa(cebook)(tw)it(ter)(inst)agram. To clone the script, what you need to type in the terminal is : git clone https://github.com/Juniorn1003/Faitagram.git/ — Faitagram To clone the Faitagram script. After you cloned, type "ls" to see what is inside the folder. After you typed that, you would see 5 things : License, Readme, faitagram, setup.py and wlist. License is just a MIT license, Readme has informations about the script on it, faitagram is the main source, setup.py is for the installing dependencies, and wlist is a wordlist. You have that? Now lets chmod the files so we can access it. chmod +x faitagram &...
Denial-of-Service (DoS) Tools & Techniques Welcome back, my fledgling hackers! Over the years, we have examined multiple ways to own, exploit, or compromise a system. On the other hand, we have not spent a lot of time on denial-of-service (DoS) attacks. For those of you who are new here, a denial of service is basically a simple attack that keeps the target system from operating as it should. In its simplest form, it uses up all of the system resources so that others can't connect. More sophisticated attacks will cause the system to crash or create a infinite loop that uses all of the system's CPU cycles. In general, a DoS attack is the easiest and least sophisticated type of attack. Some have gone so far as to say that an eight-year-old could participate in a DoS attack, and there is some truth to that statement since some tools make it as easy as putting in an IP address and hitting "Start." In recent years, DoS and DDoS attacks (the latter of whic...
Embed a Metasploit Payload in an Original .Apk File Hi Fellas! I'm a new member to this community. Although I've been lurking around here for a while, I created an account and joined in recently. I've learned much from the creator here at NullByte, so I'm hoping to become a contributing member also, so that I can give something back. And that's why I decided to write this article sharing an script I discovered recently. I'm sure most of you, or at least those who have set a foot in the kingdom of hacking, have heard of Metasploit. From Wikipedia, The Metasploit Project is a computer security project that provides information about security vulnerabilities and aids in penetration testing and IDS signature development. Its best-known sub-project is the open source Metasploit Framework, a tool for developing and executing exploit code against a remote target machine. Other important sub-projects include the Opcode Database, shellcode archive and r...