Fun with CUPP and Medusa in Kali Linux (Part 1 of 3)

What’s the best way to crack a password?

Your first idea might be to grab a giant wordlist and start a dictionary attack against an account such as a Windows Active Directory account or a web login.  Or you might think that brute force is the way to go since it tries every feasible password combination

Although these are effective methods for cracking passwords a keen hacker will take steps to profile his victim before cracking his victim.

For example, you find out the first and last name of your target.  Then you search LinkedIN, Flickr, Twitter, Facebook and Google+ to see if he’s married.  What’s his wife’s name?  Does he have any kids?  How many?  Where does he live?  Where does he work?  What are his hobbies?  Maybe he likes to scuba dive and has a penchant for stamps.  Most of the information I listed above is publicly available thorough social media.  So a shrewd attacker could simply signup for the major social sites and begin doing reconnaissance on his target.

Then you can create a customized password list that’s finely tuned for your target.  You can also included common vowel substitutions.  So you could try a “3” for an “E” or a “1” for a “i”.  These are common substitutions you can use to streamline your password cracking process.

The Common User Password Profiler (CUPP)

CUPP is a tool that let’s you toss a bunch of data in a cup, shake it all around and then start cracking a passwords against a custom password list.  Rather than launching a generic dictionary attack or a brute force attack which could take forever, CUPP abridges your time to success by building probably passwords from custom data you feed it.

Go get CUPP, fire up Kali Linux, type cd to change to your home directory and then enter this:

wget http://www.remote-exploit.org/content/cupp-3.0.tar.gz

Now we need to “unzip” the archive,

tar -xvf cupp-3.0.tar.gz

Great now let’s look at the files we have here:

ls -la

CUPP in Kali

We should see two files:

  • cupp.cfg
  • cupp.py

The first is the configuration file and the second is the python program executable.

Let’s look in the configuration file for a second

more cupp.cfg

cupp.cfg

The [leet] section shows you the vowel substitutions.  You can change this to anything you want; I just wanted to show you where the stuff is stored.

Let’s scroll down one more section…

Let’s say you know your victim graduated from Yale in 1996.  You could add that year to the [years] list and CUPP will fold those values into your custom password list.

CUPP cfg file

Press q to quit.

Creating the custom password list

To get started we’re going to type:

./cupp.py -i

This starts the cupp python program in interactive mode so we can answer a few questions about our target.  Most of this information can be gleaned from public sources such as social media or Google.

That’s the scary part.  You would be surprised how much information you can find about people for free.

Kali CUPP interactive mode

Now you just fill in all the data you know.  Just press enter on anything you don’t know and CUPP will cordially skip it.

I’m going to make up a victim by the name of Joe Blow.

CUPP interactive mode

After the interview it’ll ask you if you want to add some key words about the victim.

This is a perfect place to add any keywords that apply to your victim.  For example, if you know Joe loves botany, guns and traveling to Texas you could include those words and CUPP will use all the variations in your custom list.CUPP password list

This will increase the size of your password list but will also increase the chances of getting a hit.  I’m going to skip that for now though.

Let’s take a look at the dictionary file joe.txt

more joe.txt

CUPP password list

Amazing.

Alright, now we can feed this list into our password cracker and start cracking.

In the next article I’ll show you how to use Medusa in Kali Linux to start cracking our user.

Bottom Line

The first time I saw CUPP I felt a deep angst in my soul.  A twisted pit of fear consumed me for a moment because I realized how easy it is for anyone to search the internet for facts about me.

The purpose of my post today is to show you why it’s imperative to use a strong password.  Don’t use common elements like your name or your birthday or the name of your pet.

I strongly suggest that you use a completely random password and use LastPass to manage it.

Stay tuned for the next article where I’ll show you how to get crackin’.

About

Connect with Vonnie on Twitter

Posted in Linux Tagged with: , , , ,