Hacking Articles

Raj Chandel's Blog

Comprehensive Guide on Cupp– A wordlist

Generating Tool

posted in PENETRATION TESTING on NOVEMBER 26, 2018

by RAJ CHANDEL  SHARE

Hello Friends!! Today we are going explore the function of

Cupp which is an authoritative tool that creates a wordlist
especially particular for a person that can be used while
making brute force attack for guessing login credential.

Table of Content
Introduction to Cupp
How Cupp Works
Getting Started
Generating Custom Dictionary
Adding to Custom Dictionary
Downloading Dictionaries from Cupp Repository 
Downloading Default Usernames and Passwords
Quiet Mode

Introduction to Cupp
Cupp stands for Common User Passwords Profiler and this tool
can be used in many circumstances like license penetration
tests or forensic crime investigations, CUPP is a cross-platform
and written in Python and it’s functioning is simple but with
very powerful results. This application is a social engineer’s
best friend when it comes to creating targeted password
dictionaries which are tailored to an individual.

How Cupp Works

Cupp takes vectors from the profiling done for an individual,

such as their nickname, pets name, child’s birthdate, etc. It
works on the principle that a password is, more often, a
combination of things known to an individual. These known
things are often personal details that are very close to a
person’s heart.

In cases when a person might use special notations in place of

alphabets (e.g: leet can be written as 133t) Cupp has you
covered.

Installation and Configuration

Cupp can be downloaded from GitHub using the “git clone”

command. Within the downloaded Cupp folder, run the
“cup.py” file. Once the file is run, the program shows you the
various options it has to offer.
1 git clone https://github.com/Mebus/cupp.git
2 cd cupp
3 ls
4 ./cupp.py

Optional Arguments:

-i      Interactive questions for user password profiling

-w FILENAME      Use this option to profile an existing

dictionary,

-l      Download huge wordlists from a repository

-a      Parse default usernames and passwords directly from

Alecto DB.

Project Alecto uses purified databases of Phenoelit and CIRT

which merged and enhanced.

-v      Version of the program

Generating Custom Dictionary
Now it’s time to have some fun!

We will be using the interactive option to generate the custom

dictionary. You will see that we have the option to input
options such as pet’s name, child’s name, partners nickname,
etc. All these things are highly personal and very common to
find these things in a password, one way or another.

There’s also an option to add any specific keywords, special

characters, and random numbers. Apart from all this, there’s
the option to activate Leet mode, this will make the generated
dictionary extremely effective.

That’s all, the dictionary now gets made and saved.

1 ./cupp.py -i
Adding to Custom Dictionary
Cupp gives us the option to add more words to our created
dictionary. We can customize the kind of words we would like
to add by using the provided options.
1 ./cupp.py -w raj.txt

Now that we have successfully executed the command, now

let’s traverse to the location to ensure whether the output has
been saved on the file on not. In this case, our location for
output is /root/cupp /raj.txt.cupp.txt
Downloading Dictionaries from Cupp Repository 
Cupp has its own repositories of dictionaries which are pre-
classified. These dictionaries can be downloaded and used.
The downloaded files are compressed and have to be
uncompressed to be viewed.

Enter the number to choose a name to select the dictionary

you want to download, we have pressed 16 and downloaded
to view a dictionary of Hindi names.
1 ./cupp.py –l
2 cd dictionaries
3 cd hindi
4 gzip -d hindu-names.gz
5 cat hindu-names
Downloading Default Usernames and Passwords
Cupp can download premade dictionaries holding the most
common usernames and passwords from the project Alecto
database for usage.

1 ./cupp.py –a
2 ls
3 cat alectodb-passwords.txt
Quiet Mode
Quiet mode is for running Cupp in a more hush-hush way. If
you’re the kind of person who does not want a big banner on
their screen showing everyone what you’re doing, you’ll like
this option. This basically makes for a cleaner screen while
cupp is carrying out the commands you’re giving it, without the
funny cow popping up on top.

We’re going the couple the quiet mode option with the
dictionary download option that we demonstrated above.
1 ./cupp.py -a -q

We hope you enjoyed this basic walkthrough of the Cupp

application. It is very handy and easy to use the tool when it
comes to making custom dictionaries. Go ahead and see if it
can guess your password.
Stay tuned for more articles on the latest and greatest in
hacking!!!

Author: Shubham Sharma is a Cybersecurity enthusiast and

Researcher in the field of WebApp Penetration testing.
Contact here

Share this:

 
Like this:

Like

Be the first to like this.

ABOUT THE AUTHOR

RAJ CHANDEL
Raj Chandel is a Skilled and Passionate IT Professional especially in IT-Hacking
Industry. At present other than his name he can also be called as An Ethical
Hacker, A Cyber Security Expert, A Penetration Tester. With years of quality
Experience in IT and software industry

PREVIOUS POST
← MERCY: VULNHUB WALKTHROUGH
NEXT POST
COMPREHENSIVE GUIDE ON PYDICTOR – A WORDLIST
GENERATING TOOL →

Leave a Reply
Your email address will not be published. Required elds are marked *

Comment

Name *

Email *

Website

 Notify me of follow-up comments by email.

 Notify me of new posts by email.

POST COMMENT

Search
ENTER KEYWORD
Subscribe to
Blog via Email
Email Address

SUBSCRIBE

Follow me on
Twitter
Hacking Articles
Retweeted

Anu Shibin Joseph Raj

@anushibin007
Pwned and published a
walkthrough for HA:
Chakravyuh by @rajchandel
and @Tyagi_kavish_ on
@VulnHub.

A fun and interesting machine

for beginners like
me.medium.com/@anushibin00
7/…

HA: Chakravyuh [Vuln…

HA: Chakravyuh [VulnHu…
medium.com

10h

Embed View on Twitter

        

     
Categories
 BackTrack 5 Tutorials

 Cryptography &
Stegnography
 CTF Challenges
 Cyber Forensics

 Database Hacking

 Footprinting

 Hacking Tools
 Kali Linux

 Nmap
 Others

 Penetration Testing
 Privilege Escalation

 Red Teaming

 Social Engineering
Toolkit
 Trojans & Backdoors

 Website Hacking

 Window Password
Hacking
 Wireless Hacking

Articles
Select Month 