The Art of Password Cracking: A Deep Dive into CUPP
About CUPP
CUPP (Common User Passwords Profiler) is a password profiling tool used in password cracking: it predicts likely passwords from data about the target and generates a wordlist for credential brute-forcing. It’s commonly used in red teaming and pentesting engagements where password spraying and credential stuffing are in scope. CUPP is effective because people tend to use passwords that are easy to remember and include personal information, such as birthdays or names of family members.
How does CUPP work?
CUPP builds its wordlist from the patterns people show when choosing passwords. They usually pick passwords that are easy to remember and work personal details into them, such as someone’s birthday or the name of their husband or wife. For example, if their wife’s name is Siji and her birth date is 01/03/1988, they may have a password similar to “Siji8813”. CUPP uses this kind of information to predict such passwords and generate a very effective wordlist for credential brute-forcing.
Steps:
1. Installing and setting up CUPP in Kali Linux
The first and most important step is installing CUPP on Kali. After booting to Kali Linux, open the terminal and create a directory for installing the CUPP tool.
Use the following command:
mkdir CUPP
This command creates a folder or directory where the files for the tool will be stored.
Navigate to this newly created directory:
cd CUPP
Inside the CUPP directory, clone the CUPP repository from GitHub:
git clone https://github.com/Mebus/cupp.git
If git doesn’t work, it may not be properly installed on the system. If so, update the package sources and install it again:
apt-get update && apt-get install git
2. Configuring CUPP after Installation
Like a lot of hacking tools, CUPP has a configuration file. Let’s explore and customize its options. Running ls after cloning CUPP shows a new folder named “cupp”. Navigate to that folder and the config file should be visible:
cupp.cfg
The CUPP documentation is available in the README.md file inside the directory cloned with git.
Open the configuration with leafpad:
leafpad cupp.cfg
This opens the file, which contains many options.
For now, let’s focus on the “1337 mode” and special chars settings. 1337 mode goes through all the passwords CUPP has generated, replaces characters according to the leet table (for example, “a” with “4”), and adds each new variant to the wordlist. This makes the wordlist larger but also greatly increases the chances of success. Note that “a” should map to “@” as well.
To do that, add this line under “leet”: a=@
Special characters will be added randomly at the end of the passwords which CUPP generates. These need not be edited, but if one wants to, it can be done by adding a character to it. The other settings are quite self-explanatory.
3. Using CUPP
CUPP can be launched in interactive mode by using the following command:
python cupp.py -i
Enter all the information and particulars about the target. This information can be gained through OSINT research about the target.
Using a test case to determine if CUPP generates the password successfully
To check whether CUPP successfully generated the password, one can use leafpad to open the text file:
leafpad file.txt
Once it’s opened, click “search” and then “find.” Then, enter the password.
Or,
Grep through the contents of the text file containing generated passwords like this:
grep 'password' file.txt
Grep would highlight the portion of the wordlist where it found a match. Thus, CUPP’s wordlist generation capabilities are quite advanced and powerful.
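The same patterns can be checked from the defender's side when a password is set. The following is an added example, not part of CUPP or of the original article: it undoes leet substitutions and flags passwords built from a user's names and birth-date fragments, as in the “Siji8813” case above. The function names, the leet pairs other than a=4 and a=@, and the sample name “Anna” are assumptions made for illustration.

```python
import re
from datetime import date

# Undo leet substitutions. a=4 and a=@ are the pairs discussed above; the
# remaining pairs are common leet mappings assumed for this example.
UNLEET = str.maketrans({"4": "a", "@": "a", "3": "e", "1": "i",
                        "0": "o", "5": "s", "7": "t"})


def date_fragments(d):
    """Pieces of a date that tend to end up in passwords (yyyy, yy, dd, mm, d, m)."""
    return {str(d.year), f"{d.year % 100:02d}", f"{d.day:02d}",
            f"{d.month:02d}", str(d.day), str(d.month)}


def built_from(run, frags):
    """True if the digit run is nothing but date fragments glued together."""
    if not run:
        return True
    return any(run.startswith(f) and built_from(run[len(f):], frags)
               for f in frags)


def personal_data_findings(password, names, birthdays):
    """Return the reasons a password looks derived from profile data."""
    lower = password.lower()
    plain = lower.translate(UNLEET)  # names are matched with leet undone
    wanted = sorted({n.lower() for n in names if len(n) >= 3})
    findings = [f"name:{n}" for n in wanted if n in lower or n in plain]
    frags = set().union(*(date_fragments(d) for d in birthdays))
    # Dates are matched on the raw digits, before leet digits become letters.
    for run in re.findall(r"\d{2,}", lower):
        if built_from(run, frags):
            findings.append(f"date:{run}")
    return findings


if __name__ == "__main__":
    # Constructed profile: the article's example plus a made-up second name.
    # Reading 01/03/1988 as day/month or month/day gives the same fragments.
    names, birthdays = ["Siji", "Anna"], [date(1988, 3, 1)]
    for pw in ["Siji8813", "s1j1_1988", "@nn4!", "correct-horse-42"]:
        print(f"{pw!r:22} -> {personal_data_findings(pw, names, birthdays) or 'ok'}")
```

Because single-digit day and month fragments are included, short runs such as “13” match easily; raise the minimum run length in the regular expression if date findings prove too noisy.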