How to Use CUPP to Generate Password Lists

Welcome back, my fellow hackers! first a word to my followers: sorry i have been out for awhile, but i had finals, so i had to study. the good news is, I'll be rolling out articles again! and this time, we're going to look at a very nice tool called the Common User Password Profiler (CUPP)

What Is CUPP Exactly?

CUPP is a very powerful tool that creates a wordlist specifically for a person. CUPP is cross platform and written in Python. CUPP asks you questions about the target (name, wife's name, pet's name...) and then creates a password based on the keywords you entered. but how exactly does CUPP work?

humans, no matter how much we think we are unique, show the same patterns when it comes to passwords. we usually pick passwords that are easy to remember, so we take personal things into our passwords. for example, someone could easily remember a password that contains his birthday and the name of his wife. so for example, someone who has a wife named Lucy and was born on 05/07/1978, would have password like "Lucy05071978".

CUPP uses these "algorithms" that are hardwired in humans and exploits them, to generate a very effective wordlist.

i personally find CUPP very effective and it is my personal favorite for when i need to crack a password of a specific person. i once did an experiment with 20 friends to see if their password appeared on the CUPP wordlist after i gave CUPP some info about them, and guess what: 16 of the 20 had their password guessed by CUPP! anyway, enough talk, let's get our hands dirty!

Step 1: Fire Up Kali and Git CUPP

our first step is of course to fire up Kali, our beloved hacking system. once we have Kali up and running, we need to make a directory to store our CUPP files in our home directory. so enter this command:

mkdir CUPP

then navigate to that directory

cd CUPP

once inside the CUPP directory, go ahead and enter the following line into your terminal:

git clone https://github.com/Mebus/cupp.git

if git doesn't work, you probably don't have it installed. if so, enter this command:

apt-get update && apt-get install git

if everything goes alright, you should recieve an output like this:

Step 2: The Configuration File

like a lot of hacking tools, CUPP also has a configuration file. let's explore and manipulate it's options.

when we use the ls command after gitting CUPP, we can see that a new folder named "cupp" is created. when we navigate in that folder we see the following items:

cupp.py
cupp.cfg
docs which is a directory
README.md you can read this if you are bored.

let's open the configuration with leafpad

leafpad cupp.cfg

we will be greeted with the following screen:

as you can see, there are many settings, but for now, we want to focus on the "1337 mode" and special chars settings.

first, what 1337 mode does is simply go through all the passwords CUPP generated, will replace, for example, a with 4 in that password, and add the new password to the wordlist. this mode makes your wordlist larger, but it increases your chances of success BY TONS. however, we want a to be equal to @ aswell. to do that, simply add this line under "leet".

a=@

next up the special characters. these characters will also be added randomly at the end of the passwords generated by CUPP. i will not edit these, but if you want to, you can simply add a character to it. the other settings are quite self explanational.

Step 3: Using CUPP

now, we'll finally start using CUPP. start CUPP in interactive mode by invoking this command:

python cupp.py -i

here you will need to enter all the info of your target. you can get this info by doxing your target. but as an example, my "target" will be John Smith, he is an electrician, born on 05/10/1987, and goes by the nickname "Tirrian". he has a wife named Barbara, but we don't know her nickname. we know his wife is born on 14/07/1989. he also has a son named Alex, we also don't know his nickname, but we know his son was born on 19/03/2005. we also know he has a dog named Laika and he owns a company named ElectricFab. (no copyright infringement intended if this fictional company actually exists.) furthermore we know he is a huge soccer fan and supporter of Real Madrid.

John had to remember his password easily, so he made his password barbara, but replaced the a's with @'s to make it more secure, and he also added the birthday of his wife, which is 14/07, but without the dashes. so his password is:

B@rb@r@1407

take note that this password contains atleast one capital letter, is 8 characters long, has a number in it, and has a special character, which are the minimum norms for passwords on most sites.

(ALSO, take note that JOHN SMITH IS NOT A REAL PERSON! well ok, maybe there is a John Smith, but this one is completely out of my imagination and doesn't exist in real life!)

let's see if CUPP can guess it. enter John's info as followed:

as we can see, CUPP generated a dictionary of 37 thousand possible passwords of John, called John.txt. let's see if we can find his password in the text file.

Step 4: Search John.txt for the Password

now, simply open john.txt

leafpad john.txt

once it is opened, click "search" and click on "find". then enter john's password.

guess what? CUPP successfully guessed John's password!

How Can I Protect Myself?

simply don't use a password associated with you. what i personally use to make difficult passwords are "password" sentences. they are extremely difficult to crack, but really easy to remember by you.

first, take a random sentence you can remember, for example: "My girlfriend is ten times more attractive than my Religion teacher!" can be translated to "Mgi10XmatmRt!". that there, is a really good password if you ask me.

for more info on how to protect yourself, have a look at master OTW's tutorial on how to create stronger passwords. (he even explained better than me how to create a passphrase).

that's it for now, folks! i hope you all enjoyed reading the article!

if you need any help or have any questions, feel free to PM me!

-Phoenix750

53 Comments

That's cool.I will try it now.
It works now,cool stuff.
Thank you!

John Smith starred in Pocahontas :)

This program seems really cool, I can't wait to try it out when I get to my Linux box :D

i knew that name sounded familiar...

-Phoenix750

John Smith is the codename the Doctor uses. Why? It's so generic he can't be tracked. :3

but for me its showing directory is not available!!!!!!!! plz help me out of this!!!!!!!!!!

can you upload a screenshot of the error?

-Phoenix750

He "tried." He reminds me of the guy to tried to send me the link to one of his PMs... he used a local file URL.

file:///Screenshot%20from%202015-06-25%2013:40:10.png

can't he just upload an image using the image button here in the comments? atleast, that's how i do it.

-Phoenix750

He could, but obviously he doesn't know how...

Did you know that file:/// is localhost, ie your harddrive. I think you just gave the whole 1nt3rw3bz access to your home computer ;);)

sryyy its workng nw
sry fa disturbance

no problem. but i require you to be more exact. when does the error happen?

-Phoenix750

NICE USING NOW AFTER MA DOXING

Passwords original use was to deter people from accessing peoples accounts. Back when you would have to try every password manually. Now, we're fighting robots (controlled by humans). This XKCD article sums up a strong password!

Image via xkcd.com

In other words, don't ever choose words in your password that are relevant to you.

Really nice, this is very quick and useful tool when you have to guess the pass and you know something about his/her owner :)

Just a thing: I tried it out with my own password, obviously I wrote a combination of word that I knew where in it... But it missed my psw because of a capital letter!

i.e. if my password was "lightning50" i saw in the generated word list there was "Lightning50" even if I wrote both words "lightning" and "Lightning". Why did it choose only the word with the capital letter?

Thanks for sharing Phoenix750

can you take a screenshot of your configuration file?

-Phoenix750

I'm not that good at Python, but I think that my problem is in the source code of python file, there's a function that convert all first letter in uppercase. I think that I'll start from that!

(I also want to change somethings to allow the combination of more elements).
I'll let you know If i'll change something, and how i'll do it :)
Thank you anyway for your availability!

that might be the problem, yes. but to make it easier, you can add a configuration under "1337 mode" in the config file.

you want an uppercase L to be a lowercase L, so add to 1337 mode:

L=l

i haven't tried this myself, but that is how i would solve this issue.

-Phoenix750

Ok, thank you! I'll let you know.

ok, I have 2 issues and a question. starting from the question: how do you know the correct password between all in the wordlist? i mean, i have to try one by one? is there a software which can do the job for me? Now the issues: when i open the cupp.cfg the file is empty, but if i open it from the files it works. And when i try to open the cupp.py an error shows up: Errno 2 No such file or directory. sorry for the almost tl;dr

question 1: CUPP is NOT a password cracker! CUPP is a program to generate wordlists. you need to use the wordlist generated by CUPP with a password cracking program like THC-Hydra or Hashcat. Or any other password cracking program that requires

also, take note that CUPP has a high success rate, but it is still possible that CUPP can't generate the correct password if the target knows how to make strong passwords.

issue 1: i need more details. how are you trying to open it?

issue 2: make sure you are in the directory where CUPP.py is located, and that you have execution privileges on the CUPP.py file

here is how you start CUPP correctly (type this in your terminal)

cd <PATH TO CUPP.py FILE>
python cupp.py -i

-Phoenix750

i konow this isn't a password cracker. i'm sorry, i'm noob whith this and i'm also italian so I mess a lot with english. btw. did you make a guide for hashcat too? can you link it?

Ok i got this. i missed another cupp after the CUPP c:

Phoenix has a link to my hashcat tutorial above.

don't worry, it happened to us all in the beginning.

-Phoenix750

Yes...it's a word list

Hello...I had the same problem and I tried to fix it with this : cd <PATH TO CUPP.py FILE> , but it is not working....unexpected token newline and even if I remove < > it says No such file or directory....What can I do ?

I don't really seem to get your question. Care to explain it in more detail?

-Phoenix750

Sorry...I replied to the wrong person :p

I did what TRT said but it is still the same....the folder is in Downloads

Phoenix750:
I think he is trying to say he typed cd <PATH TO CUPP.py FILE> literally.

Alex ND:
A directory path looks like this: /root/Desktop/cat_pic_stash/

Wherever you downloaded CUPP to, that is where you navigate. I presume it is in the Downloads folder, so the command would be:

> cd /root/Downloads
Then you would use CUPP like this:
> python cupp.py
OR
> ./cupp.py

TRT

I tried them too but still isn't working .

If you execute the ls command, do you see cupp.py in the list?

-Phoenix750

Saying "this isn't working" will not solve anything and will only cause further questions. Reply with screenshots of the error messages and then we can help you.

TRT

I can confirm John Smith is a real person.

sorry for cracking your password ;)

-Phoenix750

thanks man for this :)

Cupp works fine except when I try to "add some key words about the victim". I enter some words separated by comma but when I validate I have the following error (I have version 3.0):

Traceback (most recent call last):
File "cupp.py", line 289, in <module>
words = rawsinput(">Please enter the words, separated by comma. i.e. hacker, juice,black: ").split(", ").lower()
AttributeError: 'list' object has no attribute 'lower'

Thank's for the tutorials

Don't put spaces in your list.

-Phoenix750

I already tried it but it doesn't work. I have put this:
test,testtwo

Try to remove ".lower()" from line 289 in cupp.py

-Phoenix750

It works o/
Thank's for the fast replies

EDIT:

I deleted ".lower()" but it try just uppercase or just lowercase
So I just write ".lower()" before ".split(, )" and it works

You're welcome.

-Phoenix750

when you download CUPP, there is another folder inside the folder you just created. you need to navigate there first.

-Phoenix750

So after playing around with CUPP for a bit, I noticed that I can't combine the custom keywords with the dox info. I've read the readme with no direction and no Google searching has helped. Is there a way to generate a more thorough list that does this?

When you have the list with passwords bob.txt, how do I use it on the zip fil that has a code ?

need at least 16 character.. pm me

Hi,
I just tried this script and first of all, I wondered if it is possible to use cupp3.py?
Because when I try to use it I have an error message:
~/CUPP/cupp# python cupp3.py -i
File "cupp3.py", line 147
print("\n- You must enter a name at least!", file=sys.stderr)

And if the answer is yes, is it better to use cupp.py or cupp3.py ?

Moreover, I tried to add a leet for a=@, but i failed to actually implement it:
I tried to modify the cupp.py file in the 3 different places it is needed to by adding those lines:
a2 = config.get('leet','a')
x = x.replace('a',a2)
x = x.replace('a',a2)
But it didn't work, the 'a' were only changed in '4', but not in '@'.
Can someone explain me how to do it properly?

Hey, I am a beginner. I was just trying to make a wordlist.

The thing/issue I got is that, when I wrote this " leafpad cupp.cfg " command, it opened the leafpad but it was blank and all empty. I don't get why it happened. Help me, please?

Share Your Thoughts

  • Hot
  • Latest