This is Dean Pompilio,
your subject matter expert for social engineering,
and we're still doing demos.
information gathering tools
In this demo, we're gonna look at a tool called CUPP,
and this is a tool you can get from GitHub,
so go to github.com.
Type in CUPP, with two p's,
and the one you want is right here: Common User Passwords Profiler,
so you can check out the Read Me file. There's also a config file.
We'll take a look at that in a moment.
And then there's the Python script.
And so what this tool does is allows you to
answer a bunch of questions to generate
a list of possible passwords to use in the dictionary file.
And you can also download
other dictionaries for different languages or different topics like religion or science
so you can, you can expand
and improve upon those dictionaries as well.
So after some use of the tool,
you could generate quite a few large dictionaries that are
going to give you some great input files, dictionary files
to use for dictionary-based password cracking,
or, if you want, you can always hash those dictionary files for rainbow tables.
The rainbow attack is using a pre-hashed password file, so it's a lot faster.
Anyway. That's a topic for another video.
So the interactive mode is what we'll be looking at,
the, uh, -w option
helps you to improve
an existing dictionary,
and -l helps you to download those. So we'll look at the download menu
go ahead and run the interactive mode.
All right, so let's open up our command shell.
Like most Kali Linux tools,
they are located in /usr/share,
so we'll go ahead and run CUPP
help screens. We can see what that looks like
Again, it's the Common User Passwords Profiler.
the word lists. You see I have a nice menu here.
I can download the American word list. I'll pick number three.
downloads a zipped tar archive.
Take a couple seconds there.
Then I will, I think I want to get the science
dictionary word list as well,
so I've got algae, bacteria, fungi,
microalgae, viruses, asteroids, and looks like asteroids errored out. That's fine. Still have some other choices available.
Let's get the random dictionary word list.
How I typed it out instead of typing the number. That's funny.
No, it doesn't like it.
I think that's supposed to be 29. Looks like a typo on the menu.
drugs, junk numbers, phrases, sports.
Those are good topics there.
Okay, so now I've got some dictionary files that I can use.
But right now I'm more interested in generating a word list based on.
Basically, this is the rule-based attack for passwords.
Rule-based attack means that you are
answering questions about the top, the target
a list of words for a dictionary file from that.
So what is the Target's first name?
Uppercase, lowercase
may matter a little bit, so we'll just stay at lowercase for right now.
It'll try both Jim Smith,
his nickname. That's what we'll call him Jimmy.
And we'll say he was born on
What is Jim's partner?
Jim's partner is probably named Sue
and she was born on Christmas
his nickname's Billy,
and he was born on New Year's Day
All right. So does Jim have any pets? I believe he has a dog named Boomer.
And due to other social engineering reconnaissance, we know that
this target works for
so we can add keywords about the victim. I'll say yes to that.
adjectives, basically, that describe Jim, things that he might incorporate into a password.
doesn't like to spend money, so we'll say one of the words is gonna be cheapskate.
However, Jim is very religious,
as a word. We can also add
hunter. Maybe he likes to hunt,
and we also know that he likes to play poker.
during the information gathering stage. Reconnaissance and footprinting type information.
All right, we want special characters at the end of words?
We'll say yes. We get more passwords that way.
Random numbers at the end of words, we'll also say yes for this.
That's a good idea, since sometimes you try to create an account,
and maybe you can't get the one you want, so you take one that has the next number in line that could be
effective for passwords as well.
And then leet mode means that we're going to substitute letters and characters,
or numbers and characters, for
letters of the alphabet. So we'll say yes for that as well.
So based on those simple questions that I answered over the course of about two minutes, I just generated
That's pretty impressive.
So now let's just have a peek at these.
A lot of these are going to be passwords that are date based, of course, because we gave some birthdates.
Sometimes people use these for passwords. It's a terrible idea, but it happens.
random combinations of certain special characters. It looks like
more passwords, and you get the basic idea
so we can scroll through and see if these get a little bit more interesting.
So there's some that relate to his dog. I saw Boomer go by.
There it goes, some Boomer variations,
so this is very easy to use, very simple, to generate a huge list,
another thing to consider here is
rainbow table. So you have to use a different tool
in order to convert that.
Okay, so we've looked at some of the passwords.
Now, let's have a quick review of the config file.
display it like this.
we can see the character substitution is here.
Number four for letter A, zero for O, nine for G. And of course, you can add alternate ones.
The special characters are listed here so we can control that list.
There are random years you can set.
And then lastly, we have some parameters
for the range of random numbers.
So if you're gonna use random numbers,
those will be generated from this range of numbers
and then we also have the length.
So from a 5 to 12 character
and then lastly, there's a threshold
for how many words you want to parse from an existing word list.
If you have a lot of memory on your system, you can make this number a little bit higher if you wish.
And lastly, we have the repositories where you can get those dictionary files so you can specify new ones if you wish.
Okay, so the default settings for CUPP are fine, just as they are. As you could see, I only answered
seven or eight questions, and I got 78,000 words to work with
Do some social engineering on this particular target.
All right. I hope you enjoyed the demo.
Good luck on your password
word list generation.