I want you to imagine your best friend from college challenges you to a duel.
Here’s the deal: you both graduated with honors from Ivy League schools, but your careers bifurcated down different paths. You decided to work in corporate America, but he started his own software company in Silicon Valley.
Now your friend has a kinetic personality. He’s incredibly smart, talks faster than you can think and really understands technology. But he’s also full of hubris and lacks humility.
One day over drinks, in a moment of spontaneity, he looks you straight in the eye and challenges you to a duel.
He leans in and boasts:
I bet you can’t hack into my network. I’ve hired the best security administrators. I have invested millions on cutting edge protection systems and I’m confident that my network is indomitable. In fact, I’m so sure you can’t break in that I’ll cut your company a check for $500,000 if you can breach my security controls. I’ll give you 1 week. But if you can’t break in you’ll have to give me bragging rights and every time you see me you’ll have to rhapsodize about my invulnerable network. I’ll be expecting constant laudation. Sound like a deal?
With a smug smirk on his face, he stretches out his hand for the shake.
Your first idea might be to grab a giant wordlist and start a dictionary attack against an account such as a Windows Active Directory account or a web login. Or you might think that brute force is the way to go, since it tries every feasible password combination.
Although these are effective methods for cracking passwords, a keen hacker will take steps to profile his victim before attacking his victim’s passwords.
For example, you find out the first and last name of your target. Then you search LinkedIn, Flickr, Twitter, Facebook and Google+ to see if he’s married. What’s his wife’s name? Does he have any kids? How many? Where does he live? Where does he work? What are his hobbies? Maybe he likes to scuba dive and has a penchant for stamps. Most of the information I listed above is publicly available through social media. So a shrewd attacker could simply sign up for the major social sites and begin doing reconnaissance on his target.
Then you can create a customized password list that’s finely tuned for your target. You can also include common vowel substitutions. So you could try a “3” for an “E” or a “1” for an “i”. These are common substitutions you can use to streamline your password cracking process.
The Common User Password Profiler (CUPP)
CUPP is a tool that lets you toss a bunch of data in a cup, shake it all around and then start cracking passwords against a custom password list. Rather than launching a generic dictionary attack or a brute force attack, which could take forever, CUPP shortens your time to success by building probable passwords from the custom data you feed it.
Go get CUPP, fire up Kali Linux, type cd to change to your home directory and then enter this:
The first is the configuration file and the second is the Python program executable.
Let’s look in the configuration file for a second.
The [leet] section shows you the vowel substitutions. You can change this to anything you want; I just wanted to show you where the stuff is stored.
Let’s scroll down one more section…
Let’s say you know your victim graduated from Yale in 1996. You could add that year to the [years] list and CUPP will fold those values into your custom password list.
Press q to quit.
Creating the custom password list
To get started we’re going to type:
This starts the CUPP Python program in interactive mode so we can answer a few questions about our target. Most of this information can be gleaned from public sources such as social media or Google.
That’s the scary part. You would be surprised how much information you can find about people for free.
Now you just fill in all the data you know. Just press enter on anything you don’t know and CUPP will cordially skip it.
I’m going to make up a victim by the name of Joe Blow.
After the interview it’ll ask you if you want to add some key words about the victim.
This is a perfect place to add any keywords that apply to your victim. For example, if you know Joe loves botany, guns and traveling to Texas you could include those words and CUPP will use all the variations in your custom list.
This will increase the size of your password list but will also increase the chances of getting a hit. I’m going to skip that for now though.
Let’s take a look at the dictionary file joe.txt.
Alright, now we can feed this list into our password cracker and start cracking.
In the next article I’ll show you how to use Medusa in Kali Linux to start cracking our user.
The first time I saw CUPP I felt a deep angst in my soul. A twisted pit of fear consumed me for a moment because I realized how easy it is for anyone to search the internet for facts about me.
The purpose of my post today is to show you why it’s imperative to use a strong password. Don’t use common elements like your name or your birthday or the name of your pet.
Imagine malware so sophisticated that it not only disappears from the Windows Task Manager and your antivirus software but also modifies the code that undergirds the operating system in such a way that it’s virtually impossible to detect.
Does such a thing exist?
I think we should all give homage to the AV vendors out there. These guys are busting their balls trying to keep us protected, but rootkits are an entirely different threat.
Today I’m going to help you understand exactly what a rootkit is and show you how you can detect the most evasive malware known to man.