information gathering – cupp – common user passwords profiler

CUPP – Common User Passwords Profiler

The most common form of authentication is the combination of a user name and a password or pass phrase. If both match values stored within a locally stored table, the user is authenticated for a connection. Password strength is a measure of the difficulty involved in guessing or breaking the password through cryptographic techniques or library-based automated testing of alternate values.

A weak password might be very short or use only alphanumeric characters, making it simple to crack. A weak password can also be one that is easily guessed by someone profiling the user, such as a birthday, nickname, address, name of a pet or relative, or a common word such as God, love, money or password.

That is why CUPP was born, and it can be used in situations like legal penetration tests or forensic crime investigations.

On BackTrack 5 R1, CUPP is located in:

/pentest/passwords/cupp

root@bt:/pentest/passwords/cupp# ./cupp.py -i

[+] Insert the informations about the victim to make a dictionary
[+] If you don’t know all the info, just hit enter when asked! 😉

> Name: jane
> Surname: smith
> Nickname: jayjay
> Birthdate (DDMMYYYY): 23101977

> Wife’s(husband’s) name: mark
> Wife’s(husband’s) nickname: markymark
> Wife’s(husband’s) birthdate (DDMMYYYY): 17101976

> Child’s name: tom
> Child’s nickname: tomtom
> Child’s birthdate (DDMMYYYY):

> Pet’s name: mrsmith
> Company name:

> Do you want to add some key words about the victim? Y/[N]:
> Do you want to add special chars at the end of words? Y/[N]:
> Do you want to add some random numbers at the end of words? Y/[N]
> Leet mode? (i.e. leet = 1337) Y/[N]:

[+] Now making a dictionary…
[+] Sorting list and removing duplicates…
[+] Saving dictionary to jane.txt, counting 3276 words.
[+] Now load your pistolero with jane.txt and shoot! Good luck!
root@bt:/pentest/passwords/cupp#

The generated dictionary (jane.txt in this run) is saved to /pentest/passwords/cupp
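A defensive counterpart to the session above, as an added example (not part of CUPP or the original post): a password-change check that rejects a candidate built from the account holder's own details plus digit or symbol padding. The function names, the leet map and the `max_residue` threshold are assumptions of this example.

```python
import re

# Reverse map for common leet substitutions (assumed, non-exhaustive set).
UNLEET = str.maketrans("4@310!5$7", "aaeioisst")

# Constructed sample profile: the values typed into the session above;
# fields left blank there are blank here.
WORDS = ["jane", "smith", "jayjay", "mark", "markymark", "tom", "tomtom", "mrsmith", ""]
BIRTHDATES = ["23101977", "17101976", ""]


def date_fragments(birthdate):
    """Split a DDMMYYYY string into the pieces people reuse in passwords."""
    if not re.fullmatch(r"\d{8}", birthdate or ""):
        return set()  # blank or malformed field: nothing to match
    dd, mm, yyyy = birthdate[:2], birthdate[2:4], birthdate[4:]
    return {birthdate, dd + mm, yyyy, yyyy[2:], dd, mm}


def is_profile_derived(candidate, words, birthdates, max_residue=2):
    """True if candidate is mostly personal details plus digit/symbol padding."""
    tokens = sorted({w.lower() for w in words if len(w) >= 3}, key=len, reverse=True)
    frags = sorted(set().union(*map(date_fragments, birthdates)), key=len, reverse=True)
    s = candidate.lower()
    date_hit = False
    for f in frags:  # strip birthdate pieces first, longest first
        if f in s:
            s, date_hit = s.replace(f, ""), True
    for form in (s, s.translate(UNLEET)):  # literal spelling, then de-leeted
        hit = date_hit
        for t in tokens:
            if t in form:
                form, hit = form.replace(t, ""), True
        # Letters left over are what the profile does not explain.
        if hit and len(re.sub(r"[^a-z]", "", form)) <= max_residue:
            return True
    return False


if __name__ == "__main__":
    for pw in ("Jane1977!", "j4n3_sm1th", "markymark76", "atomic-Velvet-9-kiln"):
        verdict = "reject" if is_profile_derived(pw, WORDS, BIRTHDATES) else "ok"
        print(pw, "->", verdict)
```

The residue threshold keeps a long passphrase that merely contains a short name (such as "tom" inside "atomic") from being rejected.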

2 thoughts on “information gathering – cupp – common user passwords profiler”

  1. Thanks so much, but how do I test my dictionary? I have inserted the information according to your tutorial, now tell us how to test? Thanks.

  2. Hi lhoussain.

    Build a lab using VirtualBox or VM, install a Windows client and enable telnet on it. Telnet can be enabled on Windows by clicking the ‘Start’ button, then ‘Run’ and then typing:

    services.msc

    The Services tab will open. Search for ‘Telnet’ (it is one of the last services). When you find it, double-click it, and under Service click Start.

    Now, using Nmap from your BackTrack host, type in root@bt:~# nmap -p 23 your host's IP address.
    This will show you if telnet is open or not.

    Then use medusa

    root@bt:~# medusa -h (IP Address) -u (Username) -P (Location of password file) -M telnet -t1 -f -e ns

    More info http://www.myexploit.wordpress.com/control-medusa-passwords/
