In this tutorial for Cr0w’s Place we are going to see how to generate a wordlist / dictionary file in Kali Linux, with a different tool, called CUPP. The difference is that this tool uses questions related to the victim, to produce a personalized wordlist for him/her. It is a really useful and effective tool, and it has also been shown in Mr. Robot series.
CUPP is a very powerful tool that creates a wordlist specifically for a person. CUPP is cross platform and written in Python. CUPP asks us questions about the target (name, wife’s name, pet’s name…) and then creates a password based on the keywords we entered.
To install it, go to a folder with a terminal window and type:
git clone https://github.com/Mebus/cupp.git
After this, and into the newly created cupp folder, we start the program like this:
- -h this menu
- -i Interactive questions for user password profiling
- -w Use this option to profile existing dictionary, or WyD.pl output to make some pwnsauce 🙂
- -l Download huge wordlists from repository
- -a Parse default usernames and passwords directly from Alecto DB. Project Alecto uses purified databases of Phenoelit and CIRT which where merged and enhanced.
- -v Version of the program
If you like my job please Subscribe.
Thank You For Watching.:)
As you already know, I have started to be more active these last years in the field of security. I am not just an enthusiast, but I work and study for this field. The purpose of this post isn’t to present you my resume, but to start something new.
All these years I work alone. I write, test, and learn alone. I have also, compete in some CTFs alone, with random teams, from forums and Reddit. But I want to end this now. I want to create a team, and start to compete, wherever it is possible, develop-learn-share knowledge together, and start something new, that will offer not only to us, but hopefully to everyone.
I don’t know the name, I don’t know how many people we will be, but I want people with passion for the Security sector. Passion for computer hacking, developing, programming, penetration testing etc. I don’t want the guy that studies I.T. and goes to work just to live. Let’s create something extraordinary!
I will be happy to hear and speak with you. I am based in Greece, but I don’t thing that I want to restrict it here, so everyone is welcome. Feel free to ask me anything in any of the contact ways that you may find in this blog.
Previously, we talked about the process I followed to get awarded with a student scholarship on BlackHat Europe 2016. As I told you, I followed the application process and I answered the required questions, as I showed you in part 1.
In this post, I will show you the acceptance email that I received in my inbox, ~40 days after my application.
Congratulations, you have been awarded a complimentary Student Scholarship to attend Black Hat Europe 2016 in London. Black Hat Europe is the most technical and relevant global information security event in the world. For more than 19 years, Black Hat has provided attendees with the very latest in information security research, development, and trends in a strictly vendor-neutral environment. This is an outstanding opportunity for students to learn from and network with some of the most talented researchers and practitioners working in InfoSec today.
Event: Black Hat Europe Briefings
Date: November 3 and November 4, 2016
Location: Business Design Centre, London
Requirements: In order to register for your complimentary Student Pass, you must meet the following requirements:
- Must be at least 18 years old at the time of the event
- Must provide copy of verifiable proof of full-time academic status at an accredited college or university (copy of class schedule or syllabus)
- Must provide copy of valid and current college/university ID card
- You must be able to provide your own travel to and accommodations in London —these are not included
- Submit your materials on or before September 30, 2016.
Please reply to this email with the required information and we will set up your registration. If you have any questions or need any more information, please contact us at email@example.com
Congratulations on your nomination, and we hope you will be able to join us at Black Hat Europe this year.
The Black Hat Team
The email came from the address firstname.lastname@example.org.
As I mentioned in my previous post, I recently got awarded with a complimentary Student Scholarship to attend Black Hat Europe 2016 in London. Of course they do not search for all the qualified students in the world, but you as a student have to apply for the scholarship and after a review from their side, be accepted or rejected.
The application form is hosted here and consists of several questions. I will now provide you the answers I gave to the application form, but of course if you decide to apply, give your own answers, as my answers have been recorded and you will immediately disqualified.
I have to thank many people for this opportunity, and for the state that I’ve reached until now, but I will not do it publicly. Keep in mind that all the above are property of the Cr0w’s Place and Thomas Sermpinis, and their use is prohibited. They have been uploaded for educational purposes only. Thank you and I wish good luck to every contestant.
BlackHat Europe 2016 is taking place in London, 1-4 November 2016. I will be happy to meet you there.
Long time since our last talk. I have to say sorry, but I am pretty busy those last months. I graduated in my bachelors, I started a Masters degree and many more.
The thing I want to talk you about today, is a new course that I instruct, which has to do with Android Malware Analysis. It has started 2 weeks ago and it will continue for 2 weeks more, but don’t worry, it’s self paced. You can start it whenever you want, it will be online for a long time. You can find it in eForensics magazine, in this link.
I hope that you will like it, if you decide to start it. Feel free to ask me anything, before you start, or during your course time.
Another interesting thing about Cr0w’s Place is that I will attend the BlackHat Europe conference in November. I will cover most of the things that I will see there and if some of you attend too, I will be happy to meet and talk with you.
Long time no see. I have been lost from the blog and the channel lately, but I am in the point of my life that I am finishing my Bachelors degree and I am searching for a more “stable” job. No complaints, everything is fine until now, and I hope that it will continue to be.
The subject of this post is different. The last 3 months I was attending the CS50 course from Harvard University in the edx platform, and I am pretty happy about it. Most of the courses material was familiar for me, but I thing that for a starter in the computer science world, is a really good catch. Also, you can attend for free if you want just the knowledge, without the verified certificate.
Also, you can find my solved exercises in my GitHub page, here.
Stay tuned 😉
In this tutorial for Cr0w’s Place we examine the BadUSB vulnerability, and we exploit a vulnerable flash drive to work as a HID device, and perform keystroke attacks.
BadUSB is a vulnerability in the microcontroller chip of every USB device, that let us reprogram the original firmware with a patched one, that makes a device type to be presented in the victim as an other type.
Note: If you buy a confirmed device, you might not end up with one with the PS2251-03, as manufacturers seem that many times use different controllers even with same device models.
Original code link
Rubber Ducky payloads
Rubber Ducky skripting language
If you like my videos please Subscribe to my channel.
Thank You For Watching.:)