The most common form of authentication is the combination of a username and a password or passphrase. If both match values stored within a locally stored table, the user is authenticated for a connection. Password strength is a measure of the difficulty involved in guessing or breaking the password through cryptographic techniques or library-based automated testing of alternate values.
A weak password might be very short or only use alphanumberic characters, making decryption simple. A weak password can also be one that is easily guessed by someone profiling the user, such as a birthday, nickname, address, name of a pet or relative, or a common word such as God, love, money or password.
That is why CUPP was born, and it can be used in situations like legal penetration tests or forensic crime investigations.
Author: Muris Kurgas aka j0rgan
cupp.py [-h] [-i | -w FILENAME | -l | -a | -v] [-q]
-h, --help show this help message and exit -i, --interactive Interactive questions for user password profiling -w FILENAME Use this option to improve existing dictionary, or WyD.pl output to make some pwnsauce -l Download huge wordlists from repository -a Parse default usernames and passwords directly from Alecto DB. Project Alecto uses purified databases of Phenoelit and CIRT which were merged and enhanced -v, --version Show the version of this program. -q, --quiet Quiet mode (don't print banner)
CUPP configuration file
CUPP has a cupp.cfg config file with instructions.
You need to go to the directory with the installed program, otherwise an error occurs at startup.
At startup, the following information is collected about the victim:
> First Name: > Surname: > Nickname: > Birthdate (DDMMYYYY): > Partners) name: > Partners) nickname: > Partners) birthdate (DDMMYYYY): > Child's name: > Child's nickname: > Child's birthdate (DDMMYYYY): > Pet's name: > Company name: > Do you want to add some key words about the victim? Y/[N]: > Do you want to add special chars at the end of words? Y/[N]: > Do you want to add some random numbers at the end of words? Y/[N] > Leet mode? (i.e. leet = 1337) Y/[N]: Режим Leet?
About Leet mode from Wikipedia:
Leet (or "1337"), also known as eleet or leetspeak, is a system of modified spellings used primarily on the Internet. It often uses character replacements in ways that play on the similarity of their glyphs via reflection or other resemblance. Additionally, it modifies certain words based on a system of suffixes and alternate meanings. There are many dialects or linguistic varieties in different online communities.
If you installed CUPP from the standard repository, then use the command to find the configuration file:
In Kali Linux, the path to the configuration file is /etc/cupp.cfg
In BlackArch, the path to the config file is /usr/share/cupp/cupp.cfg
The following is the contents of this file comments. Lines that start with the "#" character are inactive (comments).
# [ cupp.cfg ] # # This is configuration file for cupp.py # # There are no options to configure the application within it. The app reads it, # does not change it. I'm hoping you'll figure out how to looking at this. # [ 1337 mode ] # If you think this default settings are not right, # you can change it for yourself. For example if you # don't like a=4, just change it to a=@ :) # If you don't need some chars, just comment it! Duplicates are allowed too. # For adding chars, you might need to add some lines in cupp.py... [leet] a=4 i=1 e=3 t=7 o=0 s=5 g=9 z=2 # [ Special chars ] for adding some pwnsauce! Remove or add as necessary, # separated by comma [specialchars] chars=!,@,'#',$,%%,&,* # [ Random years ] take it as much as you need! [years] years = 1990,1991,1992,1993,1994,1995,1996,1997,1998,1999,2000,2001,2002,2003,2004,2005,2006,2007,2008,2009,2010,2011,2012,2013,2014,2015,2016,2017,2018,2019,2020 # [ Random numbers ] # In this default setting, numbers from 0 to 100 will be added to all words # compiled by cupp.py [nums] from=0 to=100 # [ Word length shaping ] # This setting will exclude words from compiled wordlist that are shorter # than [wcfrom] and longer than [wcto]. wcfrom=5 wcto=12 # [ Threshold ] # Threshold setting for word concatenations parsed from existing wordlist # (using -w option). # For example, from 200 words CUPP will compile 200*200=40,000 new words. # Increasing this level may cause high memory consumption, be careful. threshold=200 # [ Wordlist config ] [alecto] alectourl=https://github.com/yangbh/Hammer/raw/b0446396e8d67a7d4e53d6666026e078262e5bab/lib/cupp/alectodb.csv.gz [downloader] dicturl=http://ftp.funet.fi/pub/unix/security/passwd/crack/dictionaries/
CUPP Usage Example
How to install CUPP
Installation on Kali Linux
sudo apt install cupp
Installation on Debian, Linux Mint, Ubuntu
git clone https://github.com/Mebus/cupp.git cd cupp/ && python3 ./cupp.py -i
Installation on BlackArch
The program is pre-installed on BlackArch.
sudo pacman -S cupp