官术网_书友最值得收藏!

Profiling users for password lists

So far, you have learned to use passive reconnaissance to collect names and biographical information for users of the target being tested; this is the same process used by hackers. The next step is to use this information to create password lists specific to the users and the target.

Lists of commonly used passwords are available for download, and are stored locally on Kali in the /usr/share/wordlists directory. These lists reflect the choices of a large population of users, and it can be time consuming for an application to attempt to use each possible password before moving on to the next password in the queue.

Fortunately, Common User Password Profiler (CUPP) allows the tester to generate a wordlist that is specific to a particular user. CUPP was present on Backtrack 5r3; however, it will have to be downloaded for use on Kali. To obtain CUPP, enter the following command:

git clone https://github.com/Mebus/cupp.git

This will download CUPP to the local directory.

CUPP is a Python script, and can be simply invoked from the CUPP directory by entering the following command:

root@kali:~# python cupp.py -i

This will launch CUPP in the interactive mode, which prompts the user for specific elements of information to use in creating wordlist. An example is shown in the following screenshot:

Profiling users for password lists

When the interactive mode has completed creating wordlist, it is placed in the CUPP directory.

主站蜘蛛池模板: 石楼县| 黄山市| 思茅市| 安龙县| 克拉玛依市| 梨树县| 阿坝县| 岗巴县| 维西| 竹溪县| 资中县| 伊宁县| 柘荣县| 霍山县| 宁晋县| 武强县| 景谷| 新疆| 赤水市| 乐清市| 高安市| 民和| 通山县| 乐清市| 抚远县| 鄂托克前旗| 泌阳县| 南皮县| 崇信县| 石楼县| 大英县| 万安县| 白城市| 元朗区| 汨罗市| 永靖县| 七台河市| 禹州市| 上虞市| 理塘县| 香港 |