Password Profiling & Wordlist Generation with CUPP (Common User Password Profiler)
July 01, 2016 —
metalkey
OS: Debian 8
CUPP was created by Muris Kurgas (aka j0rgan) from remote-exploit (http://remote-exploit.org/) and is an excellent tool for password profiling and wordlist optimization.
Installation
To install, simply clone the git repo.
user@debian8:~$ git clone https://github.com/Mebus/cupp.git
user@debian8:~$./cupp.py
-i Interactive questions for user password profiling
-w Use this option to improve existing dictionary, or WyD.pl output to make some pwnsauce
-l Download huge wordlists from repository
-a Parse default usernames and passwords directly from Alecto DB. Project Alecto uses purified databases of Phenoelit and CIRT which where merged and enhanced.
user@debian8:~$
Password Profiling
In this example we will password profile the user "John Smith".
We have some basic information on this user and will fill out the appropriate fields.
user@debian8:~$ ./cupp.py -i
[+] Insert the informations about the victim to make a dictionary
[+] If you don't know all the info, just hit enter when asked! ;)
> First Name:John
> Surname:Smith
> Nickname:John
> Birthdate (DDMMYYYY):12011955
> Partners) name:Mary
> Partners) nickname:Mary
> Partners) birthdate (DDMMYYYY):01031955
> Child's name:Mark
> Child's nickname:Mark
> Child's birthdate (DDMMYYYY):01011982
> Pet's name:Tim
> Company name:Amazon
> Do you want to add some key words about the victim? Y/[N]:y
> Please enter the words, separated by comma. [i.e. hacker,juice,black], spaces will be removed:chelsea,football,beer,beatles
> Do you want to add special chars at the end of words? Y/[N]:y
> Do you want to add some random numbers at the end of words? Y/[N]y
> Leet mode? (i.e. leet = 1337) Y/[N]:y
[+] Now making a dictionary...
[+] Sorting list and removing duplicates...
[+] Saving dictionary to john.txt, counting 40248 words.
[+] Now load your pistolero with john.txt and shoot! Good luck!
[+] Insert the informations about the victim to make a dictionary
[+] If you don't know all the info, just hit enter when asked! ;)
> First Name:
> Surname:
> Nickname:
> Birthdate (DDMMYYYY):
> Partners) name:
> Partners) nickname:
> Partners) birthdate (DDMMYYYY):
> Child's name:
> Child's nickname:
> Child's birthdate (DDMMYYYY):
> Pet's name:
> Company name:
> Do you want to add some key words about the victim? Y/[N]:
> Please enter the words, separated by comma. [i.e. hacker,juice,black], spaces will be removed:
> Do you want to add special chars at the end of words? Y/[N]:
> Do you want to add some random numbers at the end of words? Y/[N]
> Leet mode? (i.e. leet = 1337) Y/[N]:
[+] Now making a dictionary...
[+] Sorting list and removing duplicates...
[+] Saving dictionary to john.txt, counting 40248 words.
[+] Now load your pistolero with john.txt and shoot! Good luck!
Our 40,248 line wordlist has been generated and saved as "john.txt"
user@debian8:~$ more john.txt
...
395503
39551955
39551955
395555
...
4m420n
4m420n!
4m420n!!
4m420n!!!
...
B33r1955355
B33r195555
B33r1955551
B33r1955552
...
Ch3l5342101
Ch3l5342112
Ch3l534212
Ch3l5342121
...
j0hnSm17h48
j0hnSm17h49
j0hnSm17h5
j0hnSm17h50
...
...
395503
39551955
39551955
395555
...
4m420n
4m420n!
4m420n!!
4m420n!!!
...
B33r1955355
B33r195555
B33r1955551
B33r1955552
...
Ch3l5342101
Ch3l5342112
Ch3l534212
Ch3l5342121
...
j0hnSm17h48
j0hnSm17h49
j0hnSm17h5
j0hnSm17h50
...
This wordlist may prove useful when cracking hashes, capture files, etc…
You can also download wordlists and improve wordlists using the -w, -l and -a options.
Tags: password