Darknet - The Darkside » password-profiling http://www.darknet.org.uk Ethical Hacking, Penetration Testing & Computer Security Tue, 07 Feb 2012 18:34:17 +0000 en hourly 1 http://wordpress.org/?v=3.3.1 CUPP – Common User Passwords Profiler – Automated Password Profiling Tool http://www.darknet.org.uk/2010/09/cupp-common-user-passwords-profiler-automated-password-profiling-tool/ http://www.darknet.org.uk/2010/09/cupp-common-user-passwords-profiler-automated-password-profiling-tool/#comments Fri, 17 Sep 2010 08:14:59 +0000 Darknet http://www.darknet.org.uk/?p=2948 A while back we had Wyd – Automated Password Profiling Tool but the guys at remote-exploit seem to have superseded this with CUPP.

There are other similar options too – The Associative Word List Generator (AWLG) and also RSMangler – Keyword Based Wordlist Generator For Bruteforcing.

People spend a lot of time preparing for effective dictionary attack. Common User Passwords Profiler (CUPP) is made to simplify this attack method that is often used as last resort in penetration testing and forensic crime investigations. A weak password might be very short or only use alphanumeric characters, making decryption simple. A weak password can also be one that is easily guessed by someone profiling the user, such as a birthday, nickname, address, name of a pet or relative, or a common word such as God, love, money or password.

Going through different combinations and algorithms, CUPP can predict specific target passwords by exploiting human vulnerabilities. In password creation, as in many aspects of life, everybody tends to the original solution, but thanks to human nature, we all tend to originality in the same way, leading to almost absolute predictability.

You can download CUPP v3.1 here:

cupp-3.1.tar.gz

Or read more here.

Post to Twitter Post to Facebook Post to Google Buzz Post to Delicious Post to Digg Post to Reddit Post to StumbleUpon

]]> http://www.darknet.org.uk/2010/09/cupp-common-user-passwords-profiler-automated-password-profiling-tool/feed/ 0 Wyd – Automated Password Profiling Tool http://www.darknet.org.uk/2006/11/wyd-automated-password-profiling-tool/ http://www.darknet.org.uk/2006/11/wyd-automated-password-profiling-tool/#comments Thu, 02 Nov 2006 09:03:25 +0000 Darknet http://www.darknet.org.uk/2006/11/wyd-automated-password-profiling-tool/ Wyd is a neat tool I found recently for Password Profiling.

In current IT security environments, files and services are often password protected. In certain situation it is required to get access to files and/or data even when they are protected and the password is unknown.

wyd.pl was born out of those two of situations:

  • A penetration test should be performed and the default wordlist does not contain a valid password
  • During a forensic crime investigation a password protected file must be opened without knowing the the password.

The general idea is to personalize or profile the available data about a “target” person or system and generate a wordlist of possible passwords/passphrases out of available informations. Instead of just using the command ‘strings’ to extract all the printable characters out of all type of files, we wanted to eliminate as much false-positives as possible. The goal was to exlude as much “unusable” data as possible to get an effective list of possible passwords/passphrases.


At the moment the following file types are supported:

  • plain
  • html
  • doc
  • ppt
  • mp3
  • pdf

There is more info here.

You can download Wyd here:

Wyd – Latest Version

Post to Twitter Post to Facebook Post to Google Buzz Post to Delicious Post to Digg Post to Reddit Post to StumbleUpon

]]> http://www.darknet.org.uk/2006/11/wyd-automated-password-profiling-tool/feed/ 2