Hello Friends!! Today we are going to explore the functions of Cupp, an authoritative tool that creates a wordlist tailored to a particular person, which can be used in a brute force attack for guessing login credentials.
Table of Contents
Introduction to Cupp
How Cupp Works
Getting Started
Generating Custom Dictionary
Adding to Custom Dictionary
Downloading Dictionaries from Cupp Repository
Downloading Default Usernames and Passwords
Quiet Mode
Introduction to Cupp
Cupp stands for Common User Passwords Profiler. The tool can be used in many circumstances, such as licensed penetration tests or forensic crime investigations. CUPP is cross-platform and written in Python; its functioning is simple, but the results are very powerful. This application is a social engineer's best friend when it comes to creating targeted password dictionaries tailored to an individual.
How Cupp Works
Cupp takes its inputs from the profiling done on an individual, such as their nickname, pet's name, child's birthdate, etc. It works on the principle that a password is, more often than not, a combination of things known to that individual. These known things are often personal details that are very close to the person's heart.
For cases where a person uses special notation in place of letters (e.g. leet can be written as 133t), Cupp has you covered.
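The same principle can be turned into a password-change check that rejects any new password built from the user's own profile details, including leet-substituted forms. This is an added example, not part of Cupp or of the original post; the profile field names, the DDMMYYYY birthdate format and the substitution table are assumptions.

```python
import re

# Look-alike characters collapsed to one canonical letter, so "T0mmy" and
# "tommy" compare equal. Constructed table, not Cupp's own leet config.
LEET = str.maketrans({"4": "a", "@": "a", "3": "e", "0": "o", "5": "s",
                      "$": "s", "7": "t", "1": "l", "!": "l", "i": "l"})

def normalize(text):
    """Lowercase, undo leet substitutions, drop separators and symbols."""
    return re.sub(r"[^a-z0-9]", "", text.lower().translate(LEET))

def profile_tokens(profile):
    """Map normalized token -> original value for every profile detail."""
    tokens = {}
    for field, value in profile.items():
        parts = [value]
        if field == "birthdate":              # assumed DDMMYYYY
            parts += [value[:4], value[4:]]   # DDMM and YYYY on their own
        for part in parts:
            norm = normalize(part)
            if len(norm) >= 3:                # ignore fragments too short to matter
                tokens[norm] = part
    return tokens

def profile_matches(password, profile):
    """Return the profile details found inside the candidate password."""
    candidate = normalize(password)
    return sorted(orig for norm, orig in profile_tokens(profile).items()
                  if norm in candidate)

# Constructed sample profile (hypothetical user)
SAMPLE = {"name": "Raj", "nickname": "rocky", "pet": "Tommy",
          "birthdate": "14081990"}

if __name__ == "__main__":
    for pw in ("T0mmy@1990", "r4j_1408", "correct-horse-battery"):
        hits = profile_matches(pw, SAMPLE)
        print(pw, "REJECT" if hits else "ok", hits)
```

Both the password and the profile values go through the same normalization, so a substituted or punctuated variant is caught as long as the underlying detail is present.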
Installation and Configuration
Cupp can be downloaded from GitHub using the “git clone” command. Within the downloaded cupp folder, run the “cupp.py” file. Once the file is run, the program shows you the various options it has to offer.
git clone https://github.com/Mebus/cupp.git
cd cupp
ls
./cupp.py
Optional Arguments:
-i Interactive questions for user password profiling
-w FILENAME Use this option to profile an existing dictionary
-l Download huge wordlists from repository
-a Parse default usernames and passwords directly from Alecto DB. Project Alecto uses purified databases of Phenoelit and CIRT which were merged and enhanced.
-v Version of the program
Generating Custom Dictionary
Now it’s time to have some fun!
We will be using the interactive option to generate the custom dictionary. You will see that we are prompted for details such as a pet’s name, a child’s name, a partner’s nickname, etc. All of these are highly personal, and it is very common to find them in a password, one way or another.
There’s also an option to add any specific keywords, special characters and random numbers. Apart from all this, there’s the option to activate Leet mode, which will make the generated dictionary extremely effective.
That’s all; the dictionary is now generated and saved.
./cupp.py -i
Adding to Custom Dictionary
Cupp gives us the option to add more words to the dictionary we created. We can customize the kind of words we would like to add by using the provided options.
./cupp.py -w raj.txt
Now that the command has executed successfully, let’s go to the output location to check whether the output has been saved to the file or not. In this case our output location is /root/cupp/raj.txt.cupp.txt
Downloading Dictionaries from Cupp Repository
Cupp has its own repository of pre-classified dictionaries. These dictionaries can be downloaded and used. The downloaded files are compressed and have to be uncompressed before they can be viewed.
Enter the number of the dictionary you want to download. We pressed 16 and downloaded a dictionary of Hindi names to view.
./cupp.py -l
cd dictionaries
cd hindi
gzip -d hindu-names.gz
cat hindu-names
Downloading Default Usernames and Passwords
Cupp can download premade dictionaries holding the most common usernames and passwords from the Project Alecto database.
./cupp.py -a
ls
cat alectodb-password.txt
Quiet Mode
Quiet mode is for running Cupp in a more hush-hush way. If you’re the kind of person who does not want a big banner on their screen showing everyone what you’re doing, you’ll like this option. It basically makes for a cleaner screen while Cupp is carrying out the commands you’re giving it, without the funny cow popping up on top.
We’re going to couple the quiet mode option with the default usernames and passwords download option that we demonstrated above.
./cupp.py -a -q
We hope you enjoyed this basic walkthrough of the Cupp
application. It is a very handy and easy to use tool when it comes to making
custom dictionaries. Go ahead and see if it can guess your password.
Stay tuned for more articles on
the latest and greatest in hacking!!!