官术网_书友最值得收藏!

Profiling users for password lists

So far, you have learned to use passive reconnaissance to collect names and biographical information for users of the target being tested; this is the same process used by hackers. The next step is to use this information to create password lists specific to the users and the target.

Lists of commonly used passwords are available for download, and are stored locally on Kali in the /usr/share/wordlists directory. These lists reflect the choices of a large population of users, and it can be time consuming for an application to attempt to use each possible password before moving on to the next password in the queue.

Fortunately, Common User Password Profiler (CUPP) allows the tester to generate a wordlist that is specific to a particular user. CUPP was present on Backtrack 5r3; however, it will have to be downloaded for use on Kali. To obtain CUPP, enter the following command:

git clone https://github.com/Mebus/cupp.git

This will download CUPP to the local directory.

CUPP is a Python script, and can be simply invoked from the CUPP directory by entering the following command:

root@kali:~# python cupp.py -i

This will launch CUPP in the interactive mode, which prompts the user for specific elements of information to use in creating wordlist. An example is shown in the following screenshot:

Profiling users for password lists

When the interactive mode has completed creating wordlist, it is placed in the CUPP directory.

主站蜘蛛池模板: 安宁市| 左云县| 峡江县| 丰顺县| 万宁市| 万源市| 嘉禾县| 汉源县| 吉安市| 关岭| 淳化县| 铁岭市| 西贡区| 莱芜市| 乌兰浩特市| 桦南县| 会理县| 沧州市| 泽库县| 泰安市| 乌什县| 西藏| 福州市| 漯河市| 剑阁县| 宝丰县| 留坝县| 芜湖市| 厦门市| 万州区| 望江县| 新密市| 涡阳县| 渭源县| 卓尼县| 香格里拉县| 陈巴尔虎旗| 大石桥市| 自贡市| 醴陵市| 阳春市|