If the hacker is able to obtain or crack the target's password, in many cases, this can lead to a complete breach and takeover of the account. Many people use simple passwords that are relatively easy to crack with a good list of words.
In many cases, people use words and numbers that are familiar to them. Remember that targets likely have multiple passwords and should change them frequently. This makes memorizing them very difficult. As a result, they try to use familiar words and numbers, such as their child's name and date of birth, their wedding anniversary, etc. Admit it, you probably have too!
If we can gather this information about the target using OSINT methods, we may be able to create a custom list of potential passwords that could save us hours, days, or weeks compared with a brute-force attack on their password.
We have a special tool that can generate custom password lists based on some basic information about the target. It's called cupp or Common User Password Profiler.
Download and install cupp
Cupp isn't built into Kali, so you'll need to download it from github.com.
kali > git clone https://github.com/Mebus/cupp
Next we need to go to our new cupp directory.
kali > cd cupp
To run cupp's help screen, we simply type,
kali > ./cupp.py
As you can see, cupp is a simple tool with only a few options. To start cupp in interactive mode, run cupp.py followed by the -i option,
kali > ./cupp.py -i
By running the command, cupp goes into interactive mode and starts asking us questions about the target, such as name, birthday, partner, pet's name, child's name, etc.
I filled in the information as Elliot Alderson – the main character of the TV series Mr. Robot – when he was targeting his psychologist, Krista Gordon (some of you may remember Elliot breaking her code in season #1. That's probably how he did it). When it asked for her partner's name, I put in Mike, and when asked for a special word, I put in Dylan (Elliot had learned that Bob Dylan was her favorite artist from her Facebook page).
When cupp finishes its work, it puts all possible passwords (5832 in this case) into a file named krista.txt. We can see the contents of this file by typing,
kali > cat krista.txt
As you can see above, cupp started using variations of her date of birth…
And then variations on the name of her favorite musician (Dylan)…
…and then variations of his name.
There is a good chance that the target's password is in this custom password list.
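The same observation can be applied at password-change time: reject any new password built around the account holder's own details. The check below is an added example, not part of cupp or of the original article; the function names are hypothetical, the names in the profile come from the walkthrough above, and the birth date is constructed.

```python
import re
from datetime import date

# Leetspeak substitutions undone before matching words.
LEET = str.maketrans({"4": "a", "@": "a", "3": "e", "1": "i", "!": "i",
                      "0": "o", "5": "s", "$": "s", "7": "t"})

def date_forms(d):
    """Digit strings people commonly derive from a date."""
    dd, mm = f"{d.day:02d}", f"{d.month:02d}"
    return {f"{d.year:04d}", dd + mm, mm + dd}

def personal_hits(password, words, dates):
    """Return the personal items `password` is built on (empty list = none)."""
    raw = password.lower()
    unleet = raw.translate(LEET)
    digits = re.sub(r"\D", "", password)   # "15/01" and "15-01" both become "1501"
    hits = []
    for word in words:
        token = re.sub(r"[^a-z]", "", word.lower())
        if len(token) < 3:                  # too short to match reliably
            continue
        # Match the word forwards or reversed, with or without leetspeak.
        if any(form in text for form in (token, token[::-1])
               for text in (raw, unleet)):
            hits.append(word)
    for d in dates:
        if any(form in digits for form in date_forms(d)):
            hits.append(d.isoformat())
    return hits

# Constructed profile: names from the walkthrough, birth date invented here.
WORDS = ["Krista", "Gordon", "Mike", "Dylan"]
DATES = [date(1980, 1, 15)]

if __name__ == "__main__":
    for candidate in ("Dyl4n2024!", "kr1st@1501", "ekiM-rules",
                      "correct horse battery staple"):
        hits = personal_hits(candidate, WORDS, DATES)
        print(f"{candidate!r}: {'REJECT ' + str(hits) if hits else 'ok'}")
```

The date check is deliberately conservative: it strips every non-digit first, so unrelated digits that happen to line up will also be flagged.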
Summary
Password cracking is the art and science of finding the target's password. If you succeed, you can probably gain complete control of the target and possibly their entire life!
Instead of jumping right into time-consuming and tedious brute-force password cracking, try the most frequently used passwords first. Our analysis shows that about 35% of passwords are in the top 1 million most frequently used passwords. If that fails, try developing a custom password list using cupp from the information you can glean with OSINT skills.