00:06
This is Dean Pompilio
00:09
I'm your subject matter expert for social engineering,
00:12
and we're still doing demos.
00:16
information gathering tools
00:19
In this demo, we're gonna look at a tool called CUPP,
00:23
and this is a tool you can get from GitHub,
00:29
so go to github.com.
00:31
Type in CUPP with two P's
00:34
and the one you want is right here: Common User Passwords Profiler,
00:42
so you can check out the README file. There's also a config file.
00:47
We'll take a look at that in a moment.
00:48
And then there's the Python script.
00:53
And so what this tool does is allows you to
00:57
answer a bunch of questions to generate
01:00
a list of possible passwords to use in the dictionary file.
01:04
And you can also download
01:07
other dictionaries for different languages or different topics like religion or science
01:15
so you can, you can expand
01:18
and improve upon those dictionaries as well.
01:21
So after some use of the tool,
01:23
you could generate quite a few large dictionaries that are
01:27
going to give you some great input files. Dictionary files
01:32
to use for dictionary based password cracking
01:34
or if, if you want, you can always hash those dictionary files for rainbow attacks.
01:41
The rainbow attack is using a pre-hashed password file, so it's a lot faster.
01:47
Anyway. That's a topic for another video.
01:51
So the interactive mode is what we'll be looking at,
01:57
the, uh, -w option
02:00
helps you to improve
02:02
an existing dictionary,
02:05
and -l helps you to download those. So we'll look at the download menu,
02:10
go ahead and run the interactive mode.
02:15
All right, so let's open up our command shell.
02:17
Like most Linux Kali tools,
02:21
they are located in /usr/share,
02:23
so we'll go ahead and run CUPP
02:27
help screens. We can see what that looks like
02:29
Again, it's the Common User Passwords Profiler.
02:38
the word lists, you see I have a nice menu here.
02:40
I can download the American word list. I'll pick number three.
02:46
downloads a zipped tar archive.
02:54
Take a couple seconds there.
03:00
Then I will, I think I want to get the science
03:05
dictionary word list as well,
03:09
so I've got algae, bacteria, fungi,
03:13
microalgae, viruses, asteroids, and looks like asteroids errored out. That's fine. Still have some other choices available.
03:22
Let's get the random dictionary word list.
03:28
How I typed it out instead of typing the number. That's funny.
03:32
No, it doesn't like it.
03:38
I think that's supposed to be 29. Looks like a typo on the menu.
03:46
drugs, junk numbers, phrases, sports.
03:50
That's a good topics there.
03:52
Okay, so now I've got some dictionary files that I can use.
03:58
But right now I'm more interested in generating a word list based on.
04:02
Basically, this is the rule-based attack for passwords.
04:06
Rule-based attack means that you are
04:10
answering questions about the top, the target
04:14
a list of words for a dictionary file from that.
04:18
So what is the Target's first name?
04:26
Uppercase, lowercase
04:29
may matter a little bit, so we'll just stay with lowercase for right now.
04:31
It'll try both Jim Smith,
04:35
his nickname. That's what we'll call him Jimmy.
04:40
And we'll say he was born on
04:49
What is Jim's partner?
04:51
Jim's partner is probably named Sue
05:00
and she was born on Christmas
05:15
his nickname's Billy,
05:17
and he was born on New Year's Day
05:28
All right. So does Jim have any pets? I believe he has a dog named Boomer.
05:34
And due to other social engineering reconnaissance, we know that
05:40
this target works for
05:46
so we can add keywords about the victim. I'll say yes to that.
05:55
adjectives, basically, that describe Jim, things that he might incorporate into a password.
06:06
doesn't like to spend money, so we'll say one of the words is gonna be cheapskate.
06:13
However, Jim is very religious,
06:23
as a word. We can also add
06:27
Hunter. Maybe he likes to hunt,
06:30
and we also know that he likes to play poker.
06:35
information discovered
06:39
during the information gathering stage. Reconnaissance and footprinting-type information.
06:45
All right, we want special characters at the end of words.
06:47
We'll say yes. We get more passwords that way.
06:51
Random numbers at the end of words, we'll also say yes for this.
06:57
That's a good idea, since sometimes you try to create an account,
07:01
and maybe you can't get the one you want, so you take one that has the next number in line that could be
07:05
effective for passwords as well.
07:11
And then leet mode means that we're going to substitute letters and characters,
07:16
or numbers and characters for
07:18
letters of the alphabet. So we'll say yes for that as well.
07:24
So based on those simple questions that I answered over the course of about two minutes, I just generated
07:32
That's pretty impressive.
07:34
So now let's just have a peek at these.
07:43
A lot of these are going to be passwords that are date-based, of course, because we gave some birthdates.
07:47
Sometimes people use these for passwords. It's a terrible idea, but it happens.
07:55
random combinations of certain special characters. It looks like
08:03
more passwords, and you get the basic idea
08:09
so we can scroll through and see if these get a little bit more interesting.
08:15
So there's some that relate to his dog. I saw Boomer go by
08:18
There it goes, some Boomer variations,
08:24
so this is very easy to use, very simple, to generate a huge list,
08:35
another thing to consider here is
08:41
rainbow table. So you have to use a different tool
08:46
in order to convert that.
08:58
Okay, so we've looked at some of the passwords.
09:01
Now, let's have a quick review of the config file.
09:09
display it like this.
09:15
we can see the character substitution is here.
09:18
Number four for letter A, zero for an O, nine for G. And of course, you can add alternate ones.
09:28
The special characters are listed here so we can control that list.
09:33
There are random years you can set.
09:39
And then lastly, we have some parameters
09:41
for the range of random numbers.
09:43
So if you're gonna use random numbers,
09:46
those will be generated from this range of numbers
09:52
and then we also have the length.
09:54
So from a 5 to 12 character
10:03
and then lastly, there's a threshold
10:07
for how many words you want to parse from an existing word list.
10:11
If you have a lot of memory on your system, you can make this number a little bit higher if you wish.
10:16
And lastly, we have the repositories where you can get those dictionary files so you can specify new ones if you wish.
10:26
Okay, so the default settings for CUPP are fine, just as they are. As you could see, I only answered
10:33
seven or eight questions, and I got 78,000 words to work with
10:39
Do some social engineering on this particular target.
10:43
All right. I hope you enjoyed the demo.
10:45
Good luck on your password
10:46
word list generation.