Electronic devices are usually protected with one of the following: 4-digit passcodes, 6-digit passcodes, alphanumeric combinations, and even biometrics, each providing varying levels of security.
The simplicity of a 4-digit passcode may be appealing for quick access, but it can be easily compromised, as there are only ten thousand possible combinations. On the other hand, a 6-digit passcode offers a greater range of possible combinations—one million to be exact—making it slightly more secure.
Alphanumeric combinations can significantly enhance safety by incorporating letters, numbers, and symbols, although they may be less convenient for the user.
Furthermore, biometrics, such as fingerprint or facial recognition, offer an advanced layer of security by relying on unique physical characteristics, which is why they have become increasingly popular in recent years. However, what we will discuss today won’t apply to biometrics, focusing instead on conventional passcode methods.
Have you ever tried to guess your friend’s passcode? This is referred to as brute forcing. It’s basically trying every possible combination that exists until you hit the correct password. As you may have guessed by now, this can be very time-consuming if you are doing the guesswork by hand, but for a computer, this process is almost instantaneous.
In fact, modern computing power allows for millions of passwords to be tested every second. This method can become even more efficient when using specialized software designed for password cracking.
However, the ease of brute forcing also underscores the importance of choosing strong, unpredictable passwords that include a mix of letters, numbers, and symbols, making it significantly harder for even the most advanced computer systems to crack them.
If you read my previous post, you know that sometimes companies get breached and tons of data are stolen. This could include your password.
When hackers gain access to this valuable piece of data, they create what’s called a wordlist. However, it is not necessary to breach a company to compile thousands of possible passwords into a document.
With Open-Source Intelligence (OSINT) you can gather enough public information to create your own wordlist aimed at individual targets.
CUPP
Today I will show you how to use the Common User Passwords Profiler, or CUPP.
CUPP is a password generator tool written in the Python programming language. If you are not familiar with programming languages, do not get intimidated. CUPP offers a simple user interface where you can add your target’s information, and it will automatically generate the wordlist.
Installation
In this example, I will be installing CUPP on my Raspberry Pi running Kali Linux. You will be surprised at how easy it is to get such a powerful tool. Open up your terminal and type this one-liner:
sudo apt install cupp
Using CUPP
After installing CUPP, you can get it started with this command:
cupp -i
It will ask you some questions about your target like first name, surname, birthdate, partner’s name, and so on. Then, it will ask you if you want to add some keywords about the victim, any special character at the end of words, or random numbers at the end. Lastly, it will ask if you want to enable leet mode.
Just like that, we have created a list of over twenty-eight thousand unique passwords. The exact size depends on the amount of information you provide and the options you enable during the process.
Above is an example of my custom wordlist, showcasing variations of the name “Cyber-Jot,” which illustrates the personalization of the output. By leveraging such detailed input, we can significantly increase the chances of generating the correct password.
Remember to always be careful of what you share online as it can be used against you in various ways. You never know when you can become a target of interest, whether by malicious actors or even unintended audiences. The information you post could be scrutinized or misinterpreted, leading to potential risks for your personal and professional life. Therefore, it is wise to think critically about the content you divulge on social media platforms, forums, or any online spaces.
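The same idea can be turned around to check your own passwords: if a password still contains your name, a pet's name or a piece of your birthdate once leet substitutions are undone, a profile-based wordlist is likely to contain it. The script below is an added example, not part of CUPP or of the original post; the leet mapping, the function name `profile_hits`, the DDMMYYYY birthdate format and the sample profile are assumptions made for illustration.

```python
import re

# Reverse of common leet substitutions (assumed mapping for this example,
# not read from CUPP's configuration).
UNLEET = str.maketrans("4@310!5$7", "aaeioisst")


def profile_hits(password, words, birthdate=""):
    """Return the reasons a password is guessable from personal details.

    words: names, nicknames, pet names, keywords (hypothetical profile fields).
    birthdate: DDMMYYYY string, or "" if unknown.
    """
    lowered = password.lower()
    deleeted = lowered.translate(UNLEET)  # e.g. "j0rd4n" -> "jordan"
    hits = []
    for word in words:
        # Split entries such as "Cyber-Jot" into alphabetic tokens.
        for token in re.findall(r"[a-z]+", word.lower()):
            if len(token) < 3:
                continue  # too short to be a meaningful match
            for form, label in ((token, "contains"),
                                (token[::-1], "contains reversed")):
                if form in lowered or form in deleeted:
                    hits.append(f"{label} '{token}'")
                    break
    if len(birthdate) == 8 and birthdate.isdigit():
        dd, mm, yyyy = birthdate[:2], birthdate[2:4], birthdate[4:]
        # Check the raw password: de-leeting would rewrite the digits.
        for frag in (yyyy, dd + mm, mm + dd):
            if frag in password:
                hits.append(f"contains birthdate fragment '{frag}'")
    return hits


if __name__ == "__main__":
    # Constructed profile and passwords, for illustration only.
    words, born = ["Jordan", "Rex", "Cyber-Jot"], "15061990"
    for pw in ("J0rd4n1990!", "x3r_1506", "Cyb3r-J0t!",
               "correct horse battery staple"):
        reasons = profile_hits(pw, words, born)
        print(f"{pw!r}: {'WEAK: ' + '; '.join(reasons) if reasons else 'ok'}")
```

An empty result only means the password is not built from the details you supplied; it says nothing about its length or whether it has appeared in a breach.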
If you want to learn more about making your passwords more secure, read my previous post to understand the importance of strong password practices and how they can significantly enhance your online security.