Cupp Lab | Cybrary

Video Activity

Create Free Account

In this lab, Subject Matter Expert Dean Pompilio demonstrates Cupp (Common User Password Profiler), which is an information gathering tool that you can get from GitHub.com. Enter CUPP into the site's search feature and choose MEBUS/Cupp from the choices returned. This tool allows you to generate a list of possible passwords to use in the Dictionary...

Sign up with

Or

Already have an account? Sign In »

Time

3 hours 55 minutes

Difficulty

Advanced

CEU/CPE

5

Create Free Account

In this lab, Subject Matter Expert Dean Pompilio demonstrates Cupp (Common User Password Profiler), which is an information gathering tool that you can get from GitHub.com. Enter CUPP into the site's search feature and choose MEBUS/Cupp from the choices returned. This tool allows you to generate a list of possible passwords to use in the Dictionary file. The Dictionary file(s) can be expanded as more information is gathered. In this Part of Module 4, SME Pompilio demonstrates using Cupp to generate password word lists for a Cupp Dictionary. You will learn to:

open the command shell USER SHARE
work in interactive mode
improve an existing Dictionary
download a Dictionary
generate a password word list for a Dictionary by answering questions about the target
understand the various modes in Cupp
evaluate the password word list generated by Cupp
use another tool to save your output as a Rainbow Table

SME Pompilio reviews the config file and discusses the various modes, parameters, repositories, and default settings you can use.

00:05

Hello, everyone.

00:06

This is Dean Pompilio

00:09

on your subject matter expert for social engineering,

00:12

and we're still doing demos.

00:14

Four

00:16

information gathering tools

00:19

and this demo. We're gonna look a tool called Cup,

00:23

and this is a tool you can get from Get Hub,

00:29

so go to get help dot com.

00:31

Typing cup with two p's

00:34

and the one you want is right here. Common User Passwords profiler

00:42

so you can check out the Read Me file. There's also a config file.

00:47

We'll take a look at that in a moment.

00:48

And then there's the Python script.

00:53

And so what this tool does is allows you to

00:57

answer a bunch of questions to generate

01:00

a list of possible passwords to use in the dictionary file.

01:04

And you can also download

01:07

other dictionaries for different languages or different topics like religion or science

01:11

or computers

01:15

so you can. You can expand

01:18

and improve upon those dictionaries as well.

01:21

So after some use of the tool,

01:23

you could generate quite a few large dictionaries that are

01:27

going to give you some great input files. Dictionary files

01:32

to use for dictionary based password cracking

01:34

or if, if you want, you can always hash those dictionary files for Rainbow Tax.

01:41

The Rainbow Attack is using a pre hashed password file, so it's a lot faster.

01:47

Anyway. That's a topic for another video.

01:51

So the interactive mode is what we'll be looking at,

01:57

and the

01:57

the, uh, Dash W option

02:00

helps you to improve

02:02

an existing dictionary,

02:05

and Daschle helps you to download those. So we'll look at the download menu

02:08

and then will

02:10

go ahead and run the interactive mode.

02:15

All right, so let's open up our command shell.

02:17

Like most Lennox Callie tools,

02:21

they are located and user share,

02:23

so we'll go ahead and run cup

02:27

help screens. We can see what that looks like

02:29

again. It's the common user passwords profile.

02:34

So if I run the

02:38

the word lists you see I have a nice man. You here

02:40

I can download the American wordless I'll pick Number three

02:46

downloads a zipped tar archive.

02:54

Take a couple seconds there.

03:00

Then I will. I think I want to get the science

03:05

dictionary word list as well,

03:09

so I've got algae, bacteria, fungi,

03:13

microalgae, viruses, asteroids and looks like asteroids. Air it out. That's fine. Still have some other choices available?

03:22

Let's get the random dictionary word list.

03:28

How I typed it out instead of typing the number. That's funny.

03:32

No, it doesn't like it.

03:38

I think that's supposed to be 29. Looks like a type on the menu.

03:40

There we go.

03:45

Dogs,

03:46

drugs, junk numbers, phrases, sports.

03:50

That's a good topics there.

03:52

Okay, so now I've got some dictionary files that I can use.

03:58

But right now I'm more interested in generating a wordless based on.

04:02

Basically, this is the rule based attack for passwords.

04:06

Rule based attack means that you are

04:10

answering questions about the top, the target

04:13

and generating

04:14

a list of words for a dictionary file from that.

04:18

So what is the Target's first name?

04:21

We'll say it's

04:24

Jim

04:26

Uppercase. Lower case

04:29

may matter a little bit, so we'll just stay a lower case for right now.

04:31

It'll try both Jim Smith,

04:35

his nickname. That's what we'll call him Jimmy.

04:40

And we'll say he was born on

04:43

Fourth of July

04:46

1970.

04:49

What is Jim's partner?

04:51

Jim's partner is probably named Sue

04:57

nickname of Susie,

05:00

and she was born on Christmas

05:04

of

05:06

1980.

05:11

They have a child

05:13

named Bill,

05:15

his nickname's Billy,

05:17

and he was born on New Year's Day

05:23

2000.

05:28

All right. So does Jim have any pets? I believe he has a dog named Boomer.

05:34

And due to other social engineering reconnaissance, we know that

05:40

this target works for

05:43

Wal Mart

05:46

so we can add keywords about the victim's. I'll say yes to that.

05:51

And now I can

05:53

think of some other

05:55

adjectives, basically that describe Jim things that that he might incorporate into a password.

06:02

Uh,

06:04

so let's see. Jim

06:06

doesn't like to spend money, so we'll say one of the world's gonna be cheapskate.

06:13

However, Jim is very religious,

06:15

so we'll put that

06:23

as a word. We can also add

06:27

Hunter. Maybe he likes to hunt,

06:30

and we also know that he likes to play poker.

06:34

This is all

06:35

information discovered

06:39

during the information gathering stage. Reconnaissance and foot printing type information.

06:45

All right, we want special characters at the end of words.

06:47

Well, say yes. We get more passwords that way.

06:51

Random numbers of the underworld will also say yes for this.

06:57

That's a good idea, since sometimes you try to create an account,

07:01

and maybe you can't get the one you want, so you take one that has the next number in line that could be

07:05

effective for passwords as well.

07:11

And then lead mode means that we're going to substitute letters and characters,

07:16

our numbers and characters for

07:18

letters of the alphabet. So we'll say yes for that as well.

07:24

So based on those simple questions that I answered over the course of about two minutes, I just generated

07:30

78,000 words.

07:32

That's pretty impressive.

07:34

So now let's just have a peak of these.

07:43

A lot of these are going to the passwords that air date based, of course, because we gave some birthdates.

07:47

Sometimes people use these four passwords. It's a terrible idea what it happens

07:53

now. We've got some

07:55

random combinations of certain special characters. It looks like

08:03

more passwords, and you get the basic idea

08:09

so we can scroll through and see if he's got a little bit more interesting.

08:15

So there's some that relate to his dog. I saw Boomer go by

08:18

there. It goes to some boomer variations,

08:24

so this is very easy to use, very simple, to generate a huge list,

08:33

and

08:35

another thing to consider here is

08:39

saving

08:39

or this output as a

08:41

greenbow table. So you have to use a different tool

08:46

in order to convert that.

08:58

Okay, so we've looked at some of the passwords.

09:01

Now, let's have a quick review of the config. File

09:07

Nutshell. Just

09:09

display it like this.

09:13

So for leap mode,

09:15

we can see the character Substitution is here.

09:18

Number four for letter A zero for a No. Nine Fergie. And of course, you can add alternate ones

09:26

if you if you wish.

09:28

The special characters are listed here so we can control that list.

09:33

They're random years you can set.

09:39

And then lastly, we have some parameters

09:41

for the range of random numbers.

09:43

So if you're gonna use random numbers,

09:46

those will be generated from this range of numbers

09:52

and then we also have the length.

09:54

So from a 5 to 12 character

09:58

password

10:03

and then lastly, there's a threshold

10:07

for how many words you want Thio parts from an existing word list.

10:11

If you have a lot of memory under system, you can make this number a little bit Hiler higher if you wish.

10:16

And lastly, we have the repositories where you can get those dictionary files so you can specify new ones if you wish.

10:26

Okay, so the default settings for cup are are fine, just as they are. As you could see, I only answered

10:33

seven or eight questions, and I got 78,000 words to work with

10:37

two.

10:39

Do some social engineering on this particular target.

10:43

All right. I hope you enjoyed the demo.

10:45

Good luck on your password.

10:46

A wordless generation.

10:48

Thank you.

Detection and Prevention

In this online, self-paced Social Engineering and Manipulation training class, you will learn how some of the most elegant social engineering attacks take place. Learn to perform these scenarios and what is done during each step of the attack.

CEO of SteppingStone Solutions