Start to finish: Cracking a Windows Server 2012 R2 Administrator account (Part 2 of 2)

Cracking Windows Server 2012 R2

In the previous guide I showed you how to steal password hashes from a Windows Server 2012 appliance.

We saved the hash to a USB drive and are now sitting at our Kali Linux laptop back home in our basement.

Let the cracking begin with John.

Posted in Windows

Start to finish: Cracking a Windows Server 2012 R2 Administrator account (Part 1 of 2)

Cracking Windows Server 2012 R2

I want you to imagine your best friend from college challenges you to a duel.

Here’s the deal: you both graduated with honors from Ivy League schools but your careers bifurcated down different paths.  You decided to work in corporate America but he started his own software company in Silicon Valley.

Now your friend has a kinetic personality.  He’s incredibly smart, talks faster than you can think and really understands technology.  But he’s also full of hubris and lacks humility.

One day over drinks, in a moment of spontaneity, he looks you straight in the eye and challenges you to a duel.

He leans in and boasts:

I bet you can’t hack into my network.  I’ve hired the best security administrators.  I have invested millions on cutting edge protection systems and I’m confident that my network is indomitable.  In fact, I’m so sure you can’t break in that I’ll cut your company a check for $500,000 if you can breach my security controls.  I’ll give you 1 week.  But if you can’t break in you’ll have to give me bragging rights and every time you see me you’ll have to rhapsodize about my invulnerable network.  I’ll be expecting constant laudation.  Sound like a deal?

With a smug smirk on his face, he stretches out his hand for the shake.

Would you shake on it?

Posted in How To, Windows, Windows 10, Windows 7, Windows 8, Windows 8.1, Windows Vista, Windows XP

Fun with CUPP and Medusa in Kali Linux (Part 3 of 3)

Cracking passwords in Kali Linux

If you’ve been following my CUPP and Medusa series then you know how to use the Common User Passwords Profiler (CUPP) to create a carefully tuned password list that matches your victim’s personal data.  Furthermore, you know how to use Medusa to crack against that list and then SSH into the compromised resource.

Well today I’ve got to show you two ways to stop this sort of thing from happening.

Posted in Linux

Fun with CUPP and Medusa in Kali Linux (Part 2 of 3)

Cracking passwords in Kali Linux

In the previous guide, I showed you how to use the Common User Passwords Profiler in Kali Linux.  Today, we’re going to crack passwords against that list.

Posted in Linux

Fun with CUPP and Medusa in Kali Linux (Part 1 of 3)

Cracking passwords in Kali Linux

What’s the best way to crack a password?

Your first idea might be to grab a giant wordlist and start a dictionary attack against an account such as a Windows Active Directory account or a web login.  Or you might think that brute force is the way to go since it tries every feasible password combination.

Although these are effective methods for cracking passwords, a keen hacker will take steps to profile his victim before cracking his victim.

For example, you find out the first and last name of your target.  Then you search LinkedIn, Flickr, Twitter, Facebook and Google+ to see if he’s married.  What’s his wife’s name?  Does he have any kids?  How many?  Where does he live?  Where does he work?  What are his hobbies?  Maybe he likes to scuba dive and has a penchant for stamps.  Most of the information I listed above is publicly available through social media.  So a shrewd attacker could simply sign up for the major social sites and begin doing reconnaissance on his target.

Then you can create a customized password list that’s finely tuned for your target.  You can also include common vowel substitutions.  So you could try a “3” for an “E” or a “1” for an “i”.  These are common substitutions you can use to streamline your password cracking process.

The Common User Passwords Profiler (CUPP)

CUPP is a tool that lets you toss a bunch of data in a cup, shake it all around and then start cracking passwords against a custom password list.  Rather than launching a generic dictionary attack or a brute force attack, which could take forever, CUPP abridges your time to success by building probable passwords from custom data you feed it.

Go get CUPP, fire up Kali Linux, type cd to change to your home directory and then enter this:

wget http://www.remote-exploit.org/content/cupp-3.0.tar.gz

Now we need to “unzip” the archive:

tar -xvf cupp-3.0.tar.gz

Great, now let’s look at the files we have here:

ls -la

We should see two files:

  • cupp.cfg
  • cupp.py

The first is the configuration file and the second is the Python program.

Let’s look in the configuration file for a second:

more cupp.cfg

The [leet] section shows you the vowel substitutions.  You can change this to anything you want; I just wanted to show you where the stuff is stored.

Let’s scroll down one more section…

Let’s say you know your victim graduated from Yale in 1996.  You could add that year to the [years] list and CUPP will fold those values into your custom password list.


Press q to quit.

Creating the custom password list

To get started we’re going to type:

./cupp.py -i

This starts the CUPP Python program in interactive mode so we can answer a few questions about our target.  Most of this information can be gleaned from public sources such as social media or Google.

That’s the scary part.  You would be surprised how much information you can find about people for free.


Now you just fill in all the data you know.  Just press enter on anything you don’t know and CUPP will cordially skip it.

I’m going to make up a victim by the name of Joe Blow.

After the interview it’ll ask you if you want to add some keywords about the victim.

This is a perfect place to add any keywords that apply to your victim.  For example, if you know Joe loves botany, guns and traveling to Texas you could include those words and CUPP will use all the variations in your custom list.

This will increase the size of your password list but will also increase the chances of getting a hit.  I’m going to skip that for now though.

Let’s take a look at the dictionary file joe.txt:

more joe.txt

Amazing.

Alright, now we can feed this list into our password cracker and start cracking.

In the next article I’ll show you how to use Medusa in Kali Linux to start cracking our user.

Bottom Line

The first time I saw CUPP I felt a deep angst in my soul.  A twisted pit of fear consumed me for a moment because I realized how easy it is for anyone to search the internet for facts about me.

The purpose of my post today is to show you why it’s imperative to use a strong password.  Don’t use common elements like your name or your birthday or the name of your pet.
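That advice can be enforced when a password is set. The Python check below is an added example (not part of the original post, and not CUPP's code): it flags a proposed password that still contains profile facts after common character substitutions are undone. The substitution map, the profile layout and the function names are assumptions made for illustration.

```python
import re

# Constructed substitution map (an assumption, not copied from cupp.cfg).
LEET = str.maketrans({"4": "a", "@": "a", "3": "e", "1": "i", "!": "i",
                      "0": "o", "5": "s", "$": "s", "7": "t"})


def normalize(text):
    """Lowercase, undo common substitutions, drop separators and symbols."""
    return re.sub(r"[^a-z0-9]", "", text.lower().translate(LEET))


def personal_tokens(profile):
    """Build word and date fragments from a dict of known personal facts."""
    words = {normalize(w) for w in profile.get("words", []) if len(w) >= 3}
    dates = set()
    for iso in profile.get("dates", []):  # ISO dates: YYYY-MM-DD
        y, m, d = iso.split("-")
        dates |= {y, d + m, m + d, d + m + y, m + d + y,
                  d + m + y[2:], m + d + y[2:]}
    return words, dates


def derived_from(password, profile):
    """Return the sorted personal fragments found inside the password."""
    words, dates = personal_tokens(profile)
    raw = re.sub(r"[^a-z0-9]", "", password.lower())  # digits kept as typed
    plain = normalize(password)                       # substitutions undone
    # Words are matched forwards and reversed; dates against the raw digits.
    hits = {w for w in words if w in plain or w in plain[::-1]}
    hits |= {d for d in dates if d in raw}
    return sorted(hits)


# Constructed sample profile for the made-up user from this post.
PROFILE = {"words": ["Joe", "Blow", "Texas"], "dates": ["1985-07-14"]}

if __name__ == "__main__":
    for candidate in ["J03_Bl0w!", "T3x@s1407", "kV9#qLw2ZpRx"]:
        found = derived_from(candidate, PROFILE)
        print(candidate, "REJECT" if found else "ok", found)
```

A password-change hook would reject any candidate for which `derived_from` returns a non-empty list and ask the user for a different one.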

I strongly suggest that you use a completely random password and use LastPass to manage it.

Stay tuned for the next article where I’ll show you how to get crackin’.

Posted in Linux