If getting massive word lists and spending days if not weeks or months running attacks on targets isn’t your thing (not that I endorse this type of behaviour) then you can try a more defined approach if you know a little information about your specific target using common user passwords profiler (CUPPS). Most people generate passwords based on things in their lives like peoples names and birthdates, with the help of a simple question based form requesting information on the target you can generate 200,000+ personally generated passwords based on the targets life.┬áThe tool is written for Linux and installed by default in Backtrack 5 (maybe other previous versions too?) in the /pentest/passwords/cupps location.

By running the Custom User Passwords Profiler with the “-i” switch you will enter the interactive mode of the script which will ask you the following questions:

  • Name
  • Surname
  • Nickname
  • Wife/Husbands name
  • Wife/Husbands nickname
  • Wife/Husbands birthdate
  • Child’s name
  • Child’s nickname
  • Child’s birthdate
  • Pet’s name
  • Company name
  • Add additional words?
  • Add special characters?
  • Add random numbers?
  • Leet mode?

Above is just an example of the input that can be entered

Once the questions are complete the script will generate a file with the person’s first name and a word count of how many passwords were generated and placed in the folder you ran the script from (in this case /pentest/passwords/cupp).

From there you can run your favourite tool against a target with the wordlist such as Medusa.

Should you have any questions, comments or suggestions, please don’t hesitate to comment below. If you like what you have read, please share it on your favourite social media medium.

Leave a Reply

Your email address will not be published. Required fields are marked *

Time limit is exhausted. Please reload CAPTCHA.