K4713 on Using CUPP like a pro!

k4713
4 min read · Apr 18, 2024

Hello

Social media is amazing!

Other than using it to keep in touch with friends and relatives, it also allows us to get the latest news in real time. When used correctly, it allows professionals to showcase their expertise, share their thoughts on relevant topics, and establish themselves as thought leaders in their niche.

Common User Passwords Profiler (CUPP) is a tool that harnesses the power of OSINT (Open Source Intelligence) to generate customized password lists, which are invaluable for brute-forcing accounts. By analyzing publicly available information, CUPP compiles personalized password dictionaries tailored to the target, aiding in efficient account penetration testing and security assessments. Let’s see that in action.

CUPP does not come preinstalled on Kali Linux. To install it, we can run the command sudo apt install cupp or clone it from the GitHub repository. I already have it installed on mine.

Please ensure that Python 3 is installed on your machine before continuing with the installation.

CUPP is a very easy-to-use tool. All you need is the information about your target and you are ready to go.

Our target will be ‘Barbie’, the iconic doll. Given the abundance of information available about her on the internet, she makes for an ideal target. We’ll be using her Wikipedia page to compile the necessary information.

To start using cupp and entering the needed information, we need to run it in interactive mode. We do that using the command:

cupp -i

From here, you need to enter the correct answers at the given prompts:

└─$ cupp -i                              
 ___________
   cupp.py!                 # Common
      \                     # User
       \   ,__,             # Passwords
        \  (oo)____         # Profiler
           (__)    )\
              ||--|| *      [ Muris Kurgas | j0rgan@remote-exploit.org ]
                            [ Mebus | https://github.com/Mebus/]


[+] Insert the information about the victim to make a dictionary
[+] If you don't know all the info, just hit enter when asked! ;)

> First Name: Barbara
> Surname: Roberts
> Nickname: barbie
> Birthdate (DDMMYYYY): 09031959


> Partners) name: Kenneth Sean Carson
> Partners) nickname: ken
> Partners) birthdate (DDMMYYYY): 11031961


> Child's name:
> Child's nickname:
> Child's birthdate (DDMMYYYY):


> Pet's name: Taffy
> Company name: Mattel


> Do you want to add some key words about the victim? Y/[N]: y
> Please enter the words, separated by comma. [i.e. hacker,juice,black], spaces will be removed: pink,wisconsin
> Do you want to add special chars at the end of words? Y/[N]: n
> Do you want to add some random numbers at the end of words? Y/[N]:n
> Leet mode? (i.e. leet = 1337) Y/[N]: n

[+] Now making a dictionary...
[+] Sorting list and removing duplicates...
[+] Saving dictionary to barbara.txt, counting 3906 words.
[+] Now load your pistolero with barbara.txt and shoot! Good luck!

The password list has been saved as ‘barbara.txt’ and contains 3906 words. With this comprehensive list at hand, gaining access to Barbie’s account, especially if her password is weak, will be a walk in the park.

This tool is super handy for things like Capture the Flag competitions and client-approved password security tests.

Caution: The information provided in this post is intended for educational and informational purposes only. Any actions taken based on this information are the sole responsibility of the reader. It is imperative to use any knowledge or tools acquired from this post ethically and within the bounds of the law. I hereby disclaim any liability for any misuse or illegal activities conducted using the information provided herein.

That is how you use CUPP to create a custom password list that can be used to brute-force authentication on different accounts.

As seen above, if used without caution, social media can pose significant risks to both an organization’s security and an individual’s privacy. We must be mindful of the information we share on social platforms, as it could inadvertently disclose sensitive details about our work, projects, or employer. Moreover, malicious actors often leverage social engineering techniques to gather information about their targets, making oversharing on social media a potential security threat.
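The same profile fields can be turned around and used at password-set time to refuse any password built on them. The following is an added example, not code from CUPP or from the original post: the function names, the field names and the substitution table are assumptions, and the sample profile is constructed from the answers typed into the session above.

```python
import re

# Assumed substitution table for undoing simple "leet" spellings (not CUPP's own).
LEET = str.maketrans("4@310$5!7", "aaeiossit")

def profile_tokens(profile, min_len=3):
    """Collect lowercase words and date fragments from profile fields."""
    tokens = set()
    for field, value in profile.items():
        value = value.strip().lower()
        if not value:
            continue  # blank answers (e.g. no child) contribute nothing
        if field.endswith("birthdate") and re.fullmatch(r"\d{8}", value):
            # DDMMYYYY, the format the prompts above ask for
            dd, mm, yyyy = value[:2], value[2:4], value[4:]
            tokens.update({value, yyyy, dd + mm, mm + dd})
        else:
            words = re.split(r"[^a-z0-9]+", value)
            tokens.update(w for w in words if len(w) >= min_len)
    return tokens

def personal_hits(password, tokens):
    """Return the profile tokens found in a candidate password."""
    raw = password.lower()
    # Match as typed, with substitutions undone, and spelled backwards.
    variants = (raw, raw.translate(LEET), raw[::-1])
    return sorted(t for t in tokens if any(t in v for v in variants))

def check_password(password, profile):
    """Return (accepted, hits); reject anything built on personal data."""
    hits = personal_hits(password, profile_tokens(profile))
    return (not hits, hits)

# Constructed sample profile: the values entered in the cupp -i session above.
PROFILE = {
    "first_name": "Barbara", "surname": "Roberts", "nickname": "barbie",
    "birthdate": "09031959", "partner_name": "Kenneth Sean Carson",
    "partner_nickname": "ken", "partner_birthdate": "11031961",
    "child_name": "", "pet": "Taffy", "company": "Mattel",
    "keywords": "pink,wisconsin",
}

if __name__ == "__main__":
    for candidate in ("B4rb13_1959", "yffaT2024!", "correct-horse-battery-staple"):
        print(candidate, check_password(candidate, PROFILE))
```

Short tokens such as a three-letter nickname will also match unrelated words, so min_len is a trade-off between coverage and false rejections.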

I hope you have learnt something and can now use CUPP like a pro. If you have any questions, my Twitter and LinkedIn are always open. Don’t forget to clap, share and comment. Till next time, goodbye.

Written by k4713

A eJPT Certified penetration tester with an obsession with ethical hacking and animes.
