Hello, my fair blackhats! Today we will be using a tool called Crunch to generate wordlists for use in all types of password crackery. This article was requested by Sergii, from our Article Request Page.
Who’s ready to get started?
If you have Backtrack, you should already have Crunch installed. Just run cd /pentest/passwords/crunch for now while I get everyone else caught up to where we are.
If you do not have Crunch yet, or are not sure, download a copy from the link above. Once you have downloaded it, you can watch THIS VIDEO HERE, which shows how to compile the Crunch source code into a usable program. For those of you who are new to Linux, this video is perfect because it goes step-by-step.
Now that we are all on the same page, here are the flags that you can use in Crunch. You can find a current version of this info by opening the terminal and typing “man crunch” to view the manual pages for Crunch. You can press “q” when you are done reading; it can be a bit confusing to close a man page at first, or at least for me it was.
-b Maximum bytes to write per file, so the wordlist can be split into files of a given size such as KB / MB / GB (must be used in combination with the “-o START” switch)
-c Number of lines to write to each output file; must be used together with “-o START”
-d Limits the number of consecutive identical characters (crunch v3.2)
-e Specifies when crunch should stop early (crunch v3.1)
-f Path to the charset.lst file to use; the standard location is ‘/pentest/passwords/crunch/charset.lst’. Must be followed by the name of the desired charset, such as ‘mixalpha-numeric-space’
-i Inverts the output sequence from left-to-right to right-to-left (so instead of aaa, aab, aac, aad etc., output would be aaa, baa, caa, daa)
-l When specifying custom patterns with the -t option, the -l switch allows you to identify which of the characters should be taken as a literal character instead of a placeholder ( @ , % ^ )
-o Allows you to specify the file name / location for the output, e.g. /media/flashdrive/wordlist.txt
-p Prints permutations of the words or characters provided on the command line.
-q Prints permutations of the words or characters found in a specified file
-r Resumes from a previous session; use the exact same syntax as before, followed by -r
-s Allows you to specify the starting string for your wordlist.
-t Allows you to specify a specific pattern to use. Probably one of the most important functions! Placeholders for fixed character sets are:
    @ — lower case alpha characters
    , — upper case alpha characters
    % — numeric characters
    ^ — special characters (including space)
-u Suppresses the output of wordlist size & line count prior to starting wordlist generation.
-z Adds support to compress the generation output, supports gzip, bzip & lzma
Do you see any juicy ones in there? Here are some combos that I like. If you have some that you like that I have not mentioned, let me know and I will add them in there!
./crunch [min length] [max length] [character set] [options]
This is the accepted form for proper usage of Crunch.
./crunch 10 10 0123456789ABCDEF
Complete 10-digit hex-range. Good for WiFi.
./crunch 10 10 -f charset.lst numeric -t 901%%%%%%%
Complete phone number list of 901 area code.
./crunch 10 10 0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZ -b 1gb -o START
Every 10 character combo of the characters listed, split into 1GB files.
./crunch 4 4 -f charset.lst numeric -o PinNumbers.list -z gzip
Every 4-digit PIN number, output to the file PinNumbers.list, compressed as a gzip file.
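Before running any of these, it is worth knowing how many lines and bytes a command will produce (the size and line count crunch reports at startup unless -u is given). The sketch below is an added example, not part of crunch or of the original article, that reproduces that arithmetic for the four commands above; the function names are hypothetical and the placeholder set sizes are assumed to be crunch's defaults.

```python
from math import prod

# Sizes of crunch's default placeholder sets (assumption: not overridden by
# charsets named on the command line): @ lower, "," upper, % digits, ^ symbols.
DEFAULT_SETS = {"@": 26, ",": 26, "%": 10, "^": 33}


def charset_size(min_len, max_len, charset):
    """Return (lines, bytes) for all strings of min_len..max_len over charset."""
    if not 0 < min_len <= max_len:
        raise ValueError("need 0 < min_len <= max_len")
    n = len(charset)  # assumes the charset has no repeated characters
    if n == 0:
        raise ValueError("empty charset")
    lengths = range(min_len, max_len + 1)
    lines = sum(n ** k for k in lengths)
    size = sum(n ** k * (k + 1) for k in lengths)  # k chars + newline per line
    return lines, size


def pattern_size(pattern, sets=DEFAULT_SETS):
    """Return (lines, bytes) for a -t pattern; non-placeholders are fixed."""
    if not pattern:
        raise ValueError("empty pattern")
    lines = prod(sets.get(ch, 1) for ch in pattern)
    return lines, lines * (len(pattern) + 1)


def human(nbytes):
    """Format a byte count with 1000-based units."""
    units = ("B", "KB", "MB", "GB", "TB", "PB")
    value = float(nbytes)
    for unit in units:
        if value < 1000 or unit == units[-1]:
            return f"{value:.1f} {unit}"
        value /= 1000


if __name__ == "__main__":
    # The four commands from the article, expressed as calls.
    cases = {
        "10-char hex": charset_size(10, 10, "0123456789ABCDEF"),
        "901 phone numbers": pattern_size("901%%%%%%%"),
        "10-char 0-9A-Z": charset_size(10, 10, "0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZ"),
        "4-digit PINs": charset_size(4, 4, "0123456789"),
    }
    for name, (lines, size) in cases.items():
        print(f"{name:20} {lines:>22,} lines  {human(size):>12}")
```

The 4-digit PIN list is only 10,000 lines, while the two 10-character lists run to terabytes and petabytes uncompressed, which is where -b and -z come in.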
Like I said, these are just some of my favorites. If you want me to add your favorites, just let me know in the comments below and I’ll add them in there!