Friday 2 April 2010

Creating wordlists with crunch v2.4

Edit 12-06-2011
crunch v3.0 is now included in the BT repositories, 
v3.0 has many big fixes and additional functionality, some items/switches have however been altered.
Therefor, this post is superceded by  ; 
http://adaywithtape.blogspot.com/2011/05/creating-wordlists-with-crunch-v30.html


crunch is an invaluable tool for quickly (well.. depending on the size of wordlist..) creating bruteforce wordlists.

The latest version released recently is v2.4 and compared with the release currently installed with backtrack 4 (v2.0) comes with some very cool additions.
The version of crunch in backtrack 4 repositories is expected to be updated within a few days to crunch v2.4
Edit dd 03-07-2010 -- Crunch 2.4 is finally included in latest updates !

crunch is one of the first tools that come to mind when needing to create a bruteforce wordlist and since it has been modified so heavily since I first stumbled on it with backtrack 3, I figured it was time for a full and comprehensive testing,  to be able get to grips with all the latest goodness in it !

The default path for crunch v2.4 in backtrack 4 is;
/pentest/passwords/crunch/


crunch's output is printed to screen when no -o option is given to write to file, so you can easily check to see if it is doing what you wanted.
It can also be piped through to additional programs such as aircrack or cowpatty.

general usage is ;

./crunch [minlength] [maxlength] [charset] -o wordlist.txt

NOTE:
It is close to impossible to stop crunch to still show the command given, so the below pics are images of part of the output from the given command..

BASIC USAGE & CHARACTER SETS
==============================

 If no character set is defined, crunch defaults to using lower case alpha only ;

./crunch 4 4


The charset can be entered manually in the command line ;

./crunch 4 4 ABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789




The output can also be inverted using the -i option.

So as opposed to ;

./crunch 4 4 ABCDEFG




Using the -i option will invert the direction when making the wordlist from left-to-right to right-to-left ;
./crunch 4 4 ABCDEFG -i




Or a charset can be chosen from the charset.lst file which saves on the typing (and typoes..) when dealing with normal ranges of letters, numbers and symbols.
charset.lst (included in the crunch installation package) ;

















./crunch 4 4 -f charset.lst mixalpha-numeric

The output using charsets can also be inverted using the -i option.



CREATING CUSTOM PATTERNS
==========================

The great thing about crunch is the ability to create patterns with the -t option, this function has been greatly improved with crunch v2.3 and now offers many more possibilities than before.


To create a wordlist with a prefix of 'dog' followed by the characters in a chosen charset ;
./crunch 6 6 -f charset.lst lalpha -t dog@@@




Or having 'dog' appended to the end of the chosen charset ;
./crunch 6 6 -f charset.lst lalpha -t @@@dog




Or to have 'dog' bang in the middle ;
./crunch 7 7 -f charset.lst lalpha -t @@dog@@















In this latest version of crunch it is also possible to create a pattern, specifying where you want
characters / numbers / symbols
which can really be handy in reducing the overall size of the wordlist if you know there is a certain pattern involved;

./crunch 6 6 -f charset.lst mixalpha -t @dog%^
In the above example ;
@ --> will read and print from the specified character set only.
% --> will print numeric values only.
^ --> will print symbols/special characters only, including space.




This feature opens up easier and powerful options for creating lists with certain patterns of special characters or numbers;

For a 4 character wordlist containing only special characters.
./crunch 4 4 -t ^^^^




For a 4 character wordlist containing numbers and special characters in the sequence; 1$1$
./crunch 4 4 -t %^%^




For a 4 letter wordlist containing characters and numbers in the sequence; a1a1
./crunch 4 4 -t @%@%
Note that if no character set is defined, crunch defaults to lower case alpha character set when using @



For a 4 letter wordlist containing characters from a character set and special characters in the sequence A$A$

./crunch 4 4 -f charset.lst mixalpha-numeric-space -t @^@^


Character sets to use for the -t option can also be specified ;

To use ;
ABCD as characters
1234 as numeric values
@#$% as symbols

./crunch 6 6 -t @dog%^ ABCD 1234 @#$%

or

./crunch 7 7 -t ^@dog%@ ABCD 1234 @#$%



Note that when specifying character sets like this for use with the -t option, the sequence of the character set specification must be;
alpha -- numeric -- symbols

Some special characters need escaping, to do this make sure a backslash \ is placed before the character to escape, so for instance using the above example, but requiring a symbol charset of ;
!()&

./crunch 6 6 -t @dog%^ ABCD 1234 \!\(\)\&






STRING PERMUTATIONS
====================

Crunch also now has the possibility to generate permutations instead of combinations on either strings of characters or words.

To generate permutations on characters, specify with the -p option, fun for anagrams !
(although crunch then ignores min and max length, you do still need to enter them)

./crunch 1 1 -p dog



To generate permutations on words/strings, specify same with the -m option,
(again, although the min and max length is ignored, it does need to be entered)
The -m option does not (yet) have the capability to read from file, this however, has been placed in the author's to-do list.

./crunch 1 1 -m cat dog pig















OUTPUT OPTIONS
===============

Resulting output from crunch can also be split in various sizes, based on either line count or on actual size and can also be compressed.


To split the output based on line count, use the -c option combined with -o START ; 

./crunch 4 4 -f charset.lst lalpha -o START -c 100000
The above will result in files being created containing no more than 100000 words (lines).




Output files can be split into files of a certain maximum size using the -b option combined with -o START.
The size definition can be;  kb, mb, gb  or  kib, mib, gib
kb, mb, and gb are based on the power of 10 (i.e. 1KB = 1000 bytes)
kib, mib, and gib are based on the power of 2 (i.e. 1KB = 1024 bytes).

Creating files no larger than 500kb :
./crunch 4 4 -f charset.lst lalpha -o START -b 500kb




Creating files no larger than 1mb :
./crunch 4 4 -f charset.lst lalpha -o START -b 1mb





Output files can also be compressed with the -z option, using either bzip, gzip or lzma

./crunch 4 4 -f charset.lst lalpha -o wordlist -z gzip



A resume function is also built-in with the -r option;
After cancelling the build of the wordlist, the exact same syntax must be used again followed with the -r option ;

./crunch 4 4 -f charset.lst mixalpha -o wordlist.txt 
./crunch 4 4 -f charset.lst mixalpha -o wordlist.txt -r




There are many options and it truly is a great tool.


Thanks to bofh28 for reading my ramblings and thanks for this awesome tool !


The latest build can be downloaded at ;

http://sourceforge.net/projects/crunch-wordlist/

156 comments:

  1. I am trying to create a password dictionary list based on 9 phrases. I know the pieces of the password but cannot remember how to assemble it. If anyone can help me I'd appreciate it. I downloaded crunch into Vista but it just sits there and asks me what program I wanna use to open it.

    ReplyDelete
    Replies
    1. backtrack is linux's program, you can open in the virtual machine on the Windows,help my bad english.

      Delete
  2. crunch is meant for linux, not Windows.

    If only 9 phrases, do not see why you would really need crunch anyway.

    ReplyDelete
  3. I want to create a password list with phone number like

    4162000000 to 4169999999

    where 416 is the area code

    I tried different formulas but no luck

    ReplyDelete
    Replies
    1. ./crunch 10 10 1234567890 -t 416@@@@@@@ -o phone.txt

      Delete
  4. The correct code to use could be one as follows ;

    ./crunch 10 10 -f charset.lst numeric -t 416@@@@@@@ -o tel.txt


    Give it a shot !

    ReplyDelete
  5. Tape, I like your website, your articles and appreciate the time you spend maintaining it.

    On your last post about making a crunch number list,

    ./crunch 10 10 -f charset.lst numeric -t 416@@@@@@@ -o tel.txt

    I was trying to make a similar list, but making it inverted. I wanted to start at 4169999999 and work backwards to 4160000000.

    I tried using the -s and -i switches, but could not get it to work.

    Any suggestions??

    Thanks.

    ReplyDelete
  6. Tape, found a general way to do the inverted list.

    Get crunch to make a number list first (as the above post)and save it.

    Open a terminal, type in:

    sort -r -o

    The new file will create the inverted list.

    However, I would still like to do this with Crunch...

    ReplyDelete
  7. Well, hello anonymous ;)

    First off, thanks for your interest in my blog, it helps to have people comment to give an incentive to continue the posts !

    Regarding crunch, the way it works is with character sets, so in the case of using the numeric character set included (0123456789) it starts the sequence as it is entered in the charset list.

    If you want to invert the way the characters are used, you should input it manually as follows ;

    ./crunch 10 10 9876543210 -t 416@@@@@@@ -o tel.txt

    You can always input the characters to be used manually, so the numeric sequence can be as you like, but the above should do what you want.

    By the way, thanks for the sorting option ;) I was looking for it earlier after I read your post !
    Comments on how to do / fix things are what make the world go round :D

    ReplyDelete
  8. Thanks,

    Your above post about the inverted list worked exactly as I wanted it to:

    ./crunch 10 10 9876543210 -t 416@@@@@@@ -o tel.txt

    I can't believe that I couldn't figure it out...

    Looking forward to your next article...

    ReplyDelete
    Replies
    1. Hi there, I was trying to do the same thing for the 416 area code. I followed the same format and it worked beautifully to create the telephone numbers.

      I was reading about the phone exchange and there are several numbers that could be removed from the list (http://en.wikipedia.org/wiki/Area_codes_416_and_647#Central_Office_Codes) i.e. any numbers below 416-200 or any of the defined business exchanges. I was going to use Sed and extract these exchanges, but I ran into a problem extracting lines with a prefix of 416199 and below because it may also include valid numbers like 4169416199, 4168416199, 4167416199.

      Delete
  9. Hello TAPE,
    I want to make an word list that contains lowcase letters from a to z with 10 letters on each line. But i do not want more than two of the same letter after each other. Making an list with all possible combinations from a-z with 10 letters would make one huge word file.

    Would that be possible?

    ReplyDelete
  10. Hey Tropican,
    I think I understand what you want to do, however am not sure whether crunch is whatyou want.

    Even if trying the permutation option with lower case and cutting 16 characters off with cut for instance, not sure if its what you want and would still result in a huge list.
    (be patient ;)

    You could give it a shot I suppose ;

    ./crunch 1 1 -p abcdefghijklmnopqrstuvwxyz -o test_full.txt
    cat test_full.txt | cut -c -16 > test_10.txt

    Let me know how you get on :)

    ReplyDelete
  11. Hey TAPE
    thanks for quick reply, i tryed some to do a demo of this but it seems like its not doing what i want it to.

    abcdefghijklmnopqryzwxtusv
    abcdefghijklmnopqryzwxtuvs
    abcdefghijklmnopqryzwxtvsu
    abcdefghijklmnopqryzwxtvus
    abcdefghijklmnopqryzwxustv
    abcdefghijklmnopqryzwxusvt
    abcdefghijklmnopqryzwxutsv


    Looks like it's shuffling the letters, and not making combinations with letters
    Seems to me the same letters go at the end of the lines just in different combos, that will make the A letter never appear two times on the same line.
    When i ran the cat after a test file was made it where 2000 lines with the same letters on it. OFC that would be different when its finished but the first letters would still be the same up to the shuffle was finished.

    Probably have to write some perl script for this i guess :( But thanks for the try and quick help! :)

    ReplyDelete
  12. Ah, I misread your first comment, didnt realise you wanted letters to appear twice in the list.

    If I have a sudden brain-wave I will mention it, however unlikely at this time I have to admit !

    ReplyDelete
  13. Great tool, If i want to creat a wordlist with following word "BiscottE" what is the most easy and fast way?
    The first and the last letter is upercase. Is there a fourth symbol to upercase letters?
    Thanks

    ReplyDelete
  14. By the way to achive that word i use ./crunch 8 8 abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ -o @@@@@@@@ but of course I supposedly did not know the word.

    ReplyDelete
  15. LOL, you got me stumped.. sorry but no, crunch cannot help you do that in one go.

    What you could try is to create the wordlist in crunch based on all lowercase.
    ./crunch 8 8 -f charset.lst lalpha

    Then use awk/sed to replace the 1st and last characters with the upper case equivelant.

    Have had a quick look on how best to do that, but nothing jumped out and bit me !
    I am not so familiar with sed / awk so some more googling your side required !

    Remember that the size of such a wordlist is large to put it mildly.

    ReplyDelete
  16. Thanks for the tip. ;-)
    I am using crunch for generate password, and i pipe to aircrack-ng but the pass that i want have the first and the last letter upercase.

    why crunch dont have a symbol for upercase letter? it is very usefull!

    eg ./crunch 8 8 mixalpha -t #@@@@@@#

    @ = lowercase
    # = upercase

    ReplyDelete
  17. Well, bofh28 has done a hell of a job making it what it is today and kudos to him for continuing developing this tool !
    I just made a right-up of his hard work.
    Must admit I like the idea though, why don't you submit it to him ?
    He is active on the Backtrack4 forums.


    However, I looked a bit closer into it using sed and think I have found your solution :)

    ./crunch 8 8 -f charset.lst lalpha | sed 's/^./\U&/; s/.$/\U&/' > output.txt

    That will hopefully do exactly what you wanted ;)

    Again though, be prepared for a friggin big list..

    ReplyDelete
    Replies
    1. i wanna make a word list without repeating the same character twice in a line, can you help me please?

      Delete
    2. Please post new queries at THE END OF THE COMMENTS
      and also on the new crunch 3.0 post.

      Give an example so I have something to work with.

      Delete
    3. Also look at my post on Wordlist Manipulation

      Delete
  18. For years i was a windows user, but recently i moved to linux and i became a big fan.
    About backtrack and the tools that are available as crunch i just want to say one thing... HAIL to their creators and developers.
    Ok, i will submit the idea to him.
    TAPE thanks for help. :-D yes it was exactly what i needed.

    ReplyDelete
  19. It's amazing isn't it, there are so many people putting so much time
    into creating free applications, its a fantastic community.

    And glad I could be of help ;)

    ReplyDelete
  20. i use the program and i really like it well i have 1 Q ?
    how i can make password list start from 0123456789 to 9999999999
    great work thx alot

    ReplyDelete
  21. Hey SiLeNt,

    BOFH28 has made this program into a real gem hasnt he !

    The code you would need is the code to only choose numeric characters, so either using the numeric charset, or entering the charset manually.

    Some examples;
    ./crunch 10 10 -f charset.lst numeric -o numbers.txt

    ./crunch 10 10 -t %%%%%%%%%% -o numbers.txt

    ./crunch 10 10 0123456789 -o numbers.txt

    ReplyDelete
  22. thxxx TAPE for the fast replay
    really its a good work 100% keep goin man
    ill use the command u give me now
    i really like the program i can make any worldlist i want

    ReplyDelete
  23. Just to make sure you fully understand ;)

    crunch has evolved thanks to the work of bofh28, I have done nothing other than check it out and do a write up of the version 2.4 :)

    But anyway glad you like the write up and that it helps !

    ReplyDelete
  24. TAPE i keep it for 2 hrs and nothing happen just keep freezing i copy the code like the way u give it to me
    i dont know whats wrong
    most of my friend ask me for the 10 numbers i cant make it sorry man
    do u have any other code i can try it

    ReplyDelete
  25. The code is fine :)

    Your patience not so much.

    Try the code with max length 4 so you can see it works.

    10 digits is going to take forever and the size of the list would be huge..

    ReplyDelete
  26. oh ok man i think its not gonna take long time like this code i use it its fast
    ./crunch 10 10 -f charset.lst numeric -t 0788@@@@@@ -o tel.txt
    ill do it and go to sleep i hope when i wake its ready
    thxxx again my folt :P

    ReplyDelete
  27. i remember i see cowpatty here but i cant found it i have an idea its like new update for cowpatty
    i use Grinwepa
    is there anyway to make for a cowpatty a java program so i can add the file.cap and the pass list , thanks alot i really like ur work man and i post ur link in manny website you the best

    ReplyDelete
  28. There is a post here on using cowpatty;
    http://adaywithtape.blogspot.com/2009/07/back-on-track-to-backtrack-wpa-cracking.html

    You can use crunch to pipe the output through to cowpatty as described in the above post.

    ReplyDelete
  29. Hi,
    I want to generate a wordlist because i forgot a important password (Yes I've learned now) What i know about the password is that it has 8 char, and i know it don't start on 2 or more similar chars after each other . It's more looking like this: x5DkOLtw. When generating with crunch it will start like this aaaaaaaa,aaaaaaab, i want to generate with out 2 or more similar chars at start to save space and time. How can i accomplish this? And about the space issue, maybe i can first generate a wordlist starting with a and all the combinations and if not the password is found there i continue with b,c,d? Is this possible?

    ReplyDelete
  30. If the password is starting with a space, then you can specify same manually.

    All the answers you desire are covered in the above post !

    Use the filtering options to cover which characters are used at certain postitions.

    Also I would recommend using the latest crunch v2.6 which is available for download at sourceforge.com.

    ReplyDelete
  31. Thank you for quick reply.

    Well i don't understand it, i can't use -t a@@@@@@@ since that will only give lower case, i don't know the 2. char and so on. I just want it to start from a and make every possible combination with mixalpha-numeric charset. And skip with similar char after each other if you understand.

    ReplyDelete
  32. Hey there Roy !

    Sorry I was a bit short on the previous post.

    I am still not entirely sure I understand what you want to do..

    For a full wordlist you can use ;

    ./crunch 8 8 -f charset.lst mixalpha-numeric-all -o big-friggin-wordlist.txt

    for a complete list.

    But that is going to be a size you really can't handle..

    Perhaps you could write some examples of what you are trying to achieve as I cannot figure out what you need exactly..

    ReplyDelete
  33. Ok, sorry for my English, I'll show you examples. Running ./crunch 8 8 -f charset.lst mixalpha-numeric-all -o big-friggin-wordlist.txt will give me:
    aaaaaaaa aaaaaaab aaaaaaac aaaaaaad aaaaaaae aaaaaaaf
    aaaaaaag aaaaaaah aaaaaaai and so on. Since i know my password does not start on equal chars i want to skip that to save space. My password looks like: kVAgN3ha Another way to solve this is to make a wordlist-a.txt list, witch has all combination for the starting letter a. Then i test that wordlist and if i get no hits, I'll make wordlist-b.txt with starting letter b. But i don't know how to accomplish that. since using -t a@@@@@@@ will do only lower case and i have a mix and does not know where they are positioned in the password.

    ReplyDelete
  34. Don't worry abt the English, its good :)

    If I understand you correctly, you dont want the wordlist to contain the same characters twice in a row.
    Crunch is not able to do that, unless you specify which character should be placed where in the word (with the -t option).

    I think you may not fully understand how crunch works (If you do, please do not take offense).

    So I would suggest you try using the various options as mentioned in my blogpost and base on 4-5 characters so you can fully understand what crunch CAN do and what it CANNOT do.

    If you do know the characters which are in the password, but dont know the exact order, you can greatly reduce the size of the wordlist by choosing only the characters you need, and choosing the order in which you want them in the passphrase.

    I would like to help you further, however am not sure that crunch is what you require.

    remember that crunch is basically to be used to create a bruteforce wordlist.
    However, if you know sequences and characters in the passphrase you reduce the size considerably by specifying that.

    Sorry if I cant be of any help to you with this.

    ReplyDelete
  35. Well, yes you answered one of my questions, know let me ask you this, is it possible to make wordlist-a.txt, wordlist-b.txt and so one? What i want to do is to generate 8 length password starting with a, then see if the password is there, if not make I'll make wordlist-b.txt where the starting char is b and so one. You are right i don't understand it that good i think. Since making a bruteforce list of starting char a should be easy, eh? Thank you for your time.

    ReplyDelete
  36. Yes that it easy, you can use the -t option to specify a character in a certain position;

    ./crunch 8 8 -f charset.lst mixalpha-numeric-all -t a@@@@@@@ -o big-list.txt

    Play around with the -t option so you can fully understand what the possibilities are with crunch.
    Also, if using Backtrack 4, make sure you do an apt-get update && apt-get upgrade
    so that you get the latest version of crunch (v2.6) which shows you what size you are looking at when starting to create the wordlist.

    ReplyDelete
  37. I know what the command is to create an min and max 8 char' string all uppercase is but that is too big.
    What would the command be if i wanted to split it up?
    I mean A to Z like this AAAAAAAA
    AAAAAAAB
    etc to
    AZZZZZZZ
    So I could run the A's then the B's etc.
    Thanks.

    ReplyDelete
  38. Try a bit more testing ;)
    Use the charset.lst to specify the upper alpha character set only and then fix the first character to the letter you want.
    For instance ;
    ./crunch 8 8 -f charset.lst ualpha -t A@@@@@@@ -o upperA.txt

    ReplyDelete
  39. Thank you for the reply.
    I tried fixing The first letter A but the @@@ variables are all lower case?
    I copied your command and its the same thing?
    Thanks for the help.
    Mark

    ReplyDelete
  40. My bad. Just gone through the man pages I see what I was missing.
    Thanks for your help mate.

    ReplyDelete
  41. Hey Mark, glad you found your answer !
    as you probably found ;

    when using the -t option, the @@@'s take input from the charset, if no charset is given it takes the default of
    lower case alpha. So you have to provide the correct charset or enter it manually.

    ReplyDelete
  42. Hi TAPE,
    love the informative write-up,just one question,how do you work out how big a file is going to be if its 10 characters long and uses all the alphabet and 0 thru 9,i know its huuge as because i already tried and ran out disk space at 870gb for the file size,just wondering how i couldve saved time and worked it out beforehand.

    ReplyDelete
  43. sorry TAPE that was me,Ash,in the above post,just worked out how to add my name,also one more question i'm having trouble splitting up the file size using:/pentest/passwords/crunch# ./crunch 7 7 -f charset.lst ualpha-numeric -o START-b 10000mb,i tried using the gb tag instead of mb but when i used 10gb the file still turned out bigger than 10gb?any clues,id say im making a silly mistake but its got me stumped

    ReplyDelete
  44. Hey there Ash, glad you liked the post !

    For checking the size of wordlists to be created, have a look at this post ;
    http://adaywithtape.blogspot.com/2010/09/wordlist-sizes.html

    Also note that the latest version of crunch (v2.6) will now show you what size the wordlist will be.

    As for your query on the size discrepancy, surprising, I tested with small sizes and it worked fine.
    Have you tried with smaller sizes ?

    ReplyDelete
  45. Hey Tape, I was trying to do a phone # list with the dashes but the output file jumps around what i am trying to get. Using this command:

    ./crunch 12 12 -f charset.lst numeric -o text.txt -t 000-000-@@@@

    i get 000-000-00000 and so on.

    If i change the length to 11 12 i get
    000-000-000 to 000-000-00000
    skipping what i want which is 000-000-0000

    i changed the length to 11 13 and i did get it but my output file is much bigger than i would like.
    Any ideas on this? Thank you in advance and great post btw.

    ReplyDelete
  46. Hey Steve,

    I have a feeling that you must have made an input error..
    If you still have a problem, revert mentioning the exact command you tried and I will have a look.

    Laters -

    ReplyDelete
  47. Tape, is there any way to rescript crunch in order for it to produce something that looks like this.
    A A _ _ _ _ _ _
    A _ A _ _ _ _ _
    A _ A _ _ _ _ _
    A _ _ _ A _ _ _
    A _ _ _ A _ _ _
    A _ _ _ _ A _ _
    A _ _ _ _ _ A _
    A _ _ _ _ _ _ A
    _ A A _ _ _ _ _
    _ A _ A _ _ _ _
    _ A _ _ A _ _ _
    _ A _ _ _ A _ _
    _ A _ _ _ _ A _
    _ A _ _ _ _ _ A
    _ _ A A _ _ _ _
    _ _ A _ A _ _ _
    _ _ A _ _ A _ _
    _ _ A _ _ _ A _
    _ _ A _ _ _ _ A
    _ _ _ A A _ _ _
    _ _ _ A _ A _ _
    _ _ _ A _ _ A _
    _ _ _ A _ _ _ A
    _ _ _ _ A A _ _
    _ _ _ _ A _ A _
    _ _ _ _ A _ _ A
    _ _ _ _ _ A A _
    _ _ _ _ _ A _ A
    _ _ _ _ _ _ A A

    I think I am correct in saying that in most eight digit keys the same letter rarely shows up more than twice. If we can substitute A=letter and do this with all the letters in the alphabet, the password file will be reduced in size vastly.

    ReplyDelete
  48. Well it would need a lot of work I think to actually do that and I am not sure if it is in the scope of what the current author of crunch intends.

    In any case crunch in its current form is not able to do the above.

    ReplyDelete
  49. I just copy-paste your command
    ./crunch 6 6 -t @dog%^ ABCD 1234 @#$%
    But instead using @#$% symbols it uses all symbols. And all letters. Using crunch 2.6.

    ReplyDelete
  50. Another example of my own:
    ./crunch 5 5 0123456789#* -o /home/origin/Desktop/wordlist -t ^cat%

    Symbols #* from charset are getting ignored. And instead all list is used.

    Maybe something got messed up in between 2.4-2.6 releases?

    ReplyDelete
  51. Hey Sculder,

    Your first comment appears to be correct, crunch is no longer only taking the given special chararacters but taking the full range.
    Strange, I will test a bit more and forward findings to bofh28.
    Thanks.

    Regarding your second comment, you are not using the -t option correctly..
    If you want crunch to use your own defined characters, you have to use @ with the -t option..

    ReplyDelete
  52. Hi there. I can't sleep until this is resolved:) Another command cp-paste from this page.

    ./crunch 6 6 -t @dog%^ ABCD 1234 @#$%
    Adog1@
    Adog1#
    ...

    @'s should change with lowercase letters. Crunch have "*" for uppercase. So why output starts Adog1@ with capital A? I know there is no lowercase letters specified so the correct output should be "...length should be the same size as the pattern you specified". Or I am missing something again.

    ReplyDelete
  53. If you specify characters as per the above (not sure why you would actually, there are better ways) and you want lower case, why write upper case ? ;)
    @ will follow the alpha user input, which in the above example was entered as upper case..

    the symbols @ % ^ * symnbols are only meant to be used
    within the -t option..

    If you need further clarification, give a shout.

    ReplyDelete
  54. Actually I said there are better ways but of course it completely depends on what you are aiming at !
    Of course it is a perfect way to use it for a more refined user input.

    ReplyDelete
  55. Hi Tape,

    This is a really cool guide and I appreciate you writing it. I was wondering if there was a way to modify the output, but also change the location where the file will be saved. I am trying to create a wordlist of 10 digit numbers, and I want to save files no larger than 2gb to my external hard drive. Thanks again!

    ReplyDelete
  56. Hey Andrew, glad you liked the post, it seems to be a favourite !

    I am assuming that you will be working on a BackTrack installation..

    1. Make sure the external HDD is mounted and recognized. You can do this in Konqueror.
    (Konqueror -- Storage Media -- Click your external HDD)

    2. Head to crunch directory ;
    cd /pentest/passwords/crunch/

    3. Tell crunch to make a wordlist of ;
    - 10 digits with numeric values only
    - Split in parts of no more than 2 gig
    - Output to your external HDD (lets call it 'Ext1' for example only)

    ./crunch 10 10 -f charset.lst numeric -o /media/Ext1/START -b 2gb

    You may see some confusing %% ddd, however do some testing with smaller lists to verify correct output.

    I have tried with ;
    ./crunch 4 4 -f charset.lst numeric -o /media/Ext1/START -b 10kb

    and seems to be working OK..

    Let me know if it does ! and thanks for the request as it shows a bug in the screen output

    Laters - TAPE

    ReplyDelete
  57. By the way, be aware that you of course need to refresh the page in Konqueror -- Storage Media, to see all drives.

    Also, the output is going to be over 102GB ...

    Yikes..

    ReplyDelete
  58. Thanks for the quick reply! 102 GB...yikes indeed :P

    I think I'll start out with numbers beginning with 9 and go from there. Thanks again for the assistance!!

    ReplyDelete
  59. What are the commands to pipe crunch to aircrack? The numbers should be 10 digits starting with 213

    ReplyDelete
  60. Hey there,
    should be something like the below ;

    ./crunch 10 10 -t 213%%%%%%% | aircrack-ng -w- -e ESSID /path/to/capfile.cap

    ReplyDelete
  61. i was thinking is there anyway to make crunch compresson the password list so when i use it in aircrack-ng my pass scan can be highter i use pyrit + essid to make the hash file but it take long time really , or if there a way to make crunch make database maybe u can help me with that thx man really u do a good and nice work

    ReplyDelete
  62. I THINK I understand what you mean ;) but unfortunately carrying out the WPA crack is always going to be a long proces.

    I am thinking about writing a post on Pyrit, using pyrit you can also use compressed wordlist files, and crunch can make compressed wordists files.. so that could be combined, but haven't checked it all out yet.

    ReplyDelete
  63. hi tape.......i appreciate ur dedication for crunch topic............
    i've a problem for making 14 digits word list in crunch (backtrack 4). whenever i try to make a big list it displays a msg about less space or no space.....wat should i do??....plzz help me for making a big dictionary file....thanx in advance.

    ReplyDelete
  64. Hey there Anonymous ;)

    I can say without a doubt that crunch has been my favourite proggie, as it is awesome and its something I managed to get my teeth into :)

    If you want to make a wordlist with 14 digits (meaning numbers from 0 - 9) then you are never going to have enough space..

    Check out my post on wordlist sizes and do the test.
    I checked it, and if you want a 14 digit wordlist with only numbers from 0-9, as in following code ;
    ./crunch 14 14 0123456789 -o toobiglist.txt

    the size would be LEGEN.. wait for it.. DARY..

    Number of passphrases: 100000000000000
    Size in GB : 1396983.861
    Size in Terabytes : 1364.242

    So I guess now you should understand why your comp with a few hundred GB is complaining about space ;)

    Dont even try to create wordlist that big, without cluster / cloud computing you will NEVER use it.

    ReplyDelete
  65. i hope we gonna see new amazing update from u man really ur programs help me alot and im thanksfull to u

    ReplyDelete
  66. unbelievable........any wayz thanx TAPE 4 ur quick reply..if i try 14 digits word list including country code such as ...... 00971@@@@@@@@@...... 00971 is country code....
    .......is it possible?

    ReplyDelete
  67. @ SiLeNt
    Well bofh28 just released crunch v2.9 So I am planning on checking it out and probably making a new post when crunch reaches v3.0 to include the new goodness :)

    @ Anonymous
    Sure, the space required would be much less ;

    With your first 5 digits fixed ;
    ./crunch 14 14 0123456789 -t 00971@@@@@@@@@ -o uae-tel.txt

    The size would be aprx. 13GB

    Still not too small though..

    You can check all this yourself of course by simply running the command with the latest version of crunch.

    The new versions now also show the size you are looking at.

    ReplyDelete
  68. hi TAPE........i've a question....
    "how to split 10 GB WPA ASCII file into 500 MB file?

    ReplyDelete
  69. Hey there,

    I assume you are talking about a wordlist you already have, and not one you want to create.

    Have a look at pureh@te's wordlist menu tool ;
    http://www.backtrack-linux.org/forums/backtrack-howtos/689-wordlist-menu-tool-backtrack-4-final.html

    That has a lot of good wordlist options and also the option to split a wordlist based on linecount.

    ReplyDelete
  70. Also, have a look at the command 'split'

    ReplyDelete
  71. THANX TAPE ..... I'LL TRY IT

    ReplyDelete
  72. Hi, Can crunch create phrases with spaces inside?
    I can't get it.

    e.g: my name is john

    ReplyDelete
  73. Heya Anonymous ;)

    Sure, crunch can utilize spaces within the given criteria using the -t switch for instance.

    The trick is to then put the criteria in quotes.

    ./crunch 4 4 -t "a cd"

    Laters - TAPE

    ReplyDelete
  74. Hi again Tape but this doesn't run for me. The output is the same string: http://i.imgur.com/cqKKB.jpg

    ReplyDelete
  75. Hey there, I think you misunderstood..the example given will actually provide the reponse as you said. This is the correct outcome.

    Try with different combinations and patterns ;
    ./crunch 4 4 -t "@ % "

    Just to show that to be able to include spaces in patterns you have to use quotes.

    ReplyDelete
  76. Thanks Tape, but I don't want a pattern, I just want crunch takes 'space' like another character.

    ReplyDelete
  77. Ahh ;) Now I get you.

    The same applies, put the characters you want to use for your wordlist in quotes directly in the command ;

    ./crunch 4 4 "01234556789 abcdef" -o hex_with_space.txt

    Hope the above example is clear, otherwise let me know what you are trying to accomplish so I can have a closer look.

    Laters.

    ReplyDelete
  78. Yeeeeeeeees, a lot of thanks. I had tried that yesterday but I must be blind.

    ReplyDelete
  79. ;) Glad you found the solution, knowing its possible but not knowing how to do it is a brain melter..

    ReplyDelete
  80. Hello TAPE, i am trying to make 10 10 numeric only wordlist but with this patternt:
    [x1][x2][x3][%%][%%]
    x1:numbers between 65-99
    x2:numbers between 01-12
    x3:numbers between 01-31

    Is it possible?

    ReplyDelete
  81. Hey, no unfortunately crunch cannot do that,

    But basically you want a date list followed by numbers ?

    If you look at the comments in my post on wordlist sizes you will see I wrote a bit of code to create a date list.

    You can modify that code slightly to alter the way the output is made.
    Then you would have to figure out how to append numeric values, if that is what you want, to get the 10 characters.

    ReplyDelete
  82. Had a look and there is a way, which looks terrible though ;) couldnt get 'date' to accept years as in '65' instead of '1965'

    > First copy / paste the below and save as 'datelist'

    #!/bin/bash -e
    #Starting and stopping dates
    echo "Enter the starting date"
    echo "must be in the format yyyy-mm-dd"
    (tput bold && tput setaf 1)
    read START_DATE
    (tput sgr 0)
    echo "Enter the ending date"
    echo "must be in the format yyyy-mm-dd"
    (tput bold && tput setaf 1)
    read END_DATE
    (tput sgr 0)
    # List all dates in between the chosen dates in the format yyyymmdd
    echo $START_DATE | tee r_dates.txt
    while true
    do
    START_DATE=$( date +%Y-%m-%d -d "$START_DATE -d 1day" )
    echo $START_DATE | tee -a r_dates.txt
    if [ "$START_DATE" == "$END_DATE" ]
    then
    awk -F- '{print $1 $2 $3}' r_dates.txt > datelist.txt
    rm r_dates.txt
    echo
    (tput bold && tput setaf 1)
    echo "wordlist 'datelist.txt' created"
    (tput sgr 0)
    echo ""
    exit
    fi
    done


    > Then make the file executable ;
    chmod 755 datelist


    > Run the file and create the datelist with the dates you want;
    ./datelist

    > Then remove the 1st 2 digits from each line ;
    sed 's/^..//' datelist.txt > datelist1.txt

    > Then append the numbers to each line ;
    for i in $(cat datelist1.txt); do seq -f "%04.0f$i" 0 9999; done > datelist2.txt


    Doing it the above way will take aaaagees.. (its very messy) and the file will be pretty big..
    But hey its a way (I think ;) )

    ReplyDelete
  83. You are great i think that is the way but there's a problem with last part, when last 4 numbers are added they goes first not last....

    ReplyDelete
  84. sorry i've found it
    for i in $(cat datelist1.txt); do seq -f "$i%04.0f" 0 9999; done > datelist2.txt

    just had to change the place ot "$i"

    ReplyDelete
  85. :D messed up with that one then, but glad to be of help.

    Have a look at the latest post I made on creating a wordlist based on dates.
    I wrote a quick tool that should make it easier for you.

    http://adaywithtape.blogspot.com/2011/03/creating-date-wordlist.html

    ReplyDelete
  86. Finally I find great blog and amazing blogger,
    Thanks TAPE for your great article

    Actually before i see this article i create my 8 digit (00000000 - 99999999 ) wordlist dictionary with "DICTMAKE.EXE" now I want to add some charters like "a" at the end of each line,
    which tools can I use for this scenario ? ( it better to be windows program but if it doesn't exist i use backtrack too )
    I have another Question you said :
    crunch is one of the first tools that come to mind when needing to create a bruteforce wordlist
    What is the another programs for bruteforce ?

    ReplyDelete
  87. Hey Saeed Y,
    Glad you like the blog ;)

    The tool you want to use is crunch, its the best one for the scenario you are looking at.

    Read through this tutorial and you will see that your solution is very easy ;

    ./crunch 9 9 -t %%%%%%%%a -o wordlist.txt

    Yep.. that easy.. ;)
    Or you could have all possible lower case letters appended ;

    ./crunch 9 9 -t %%%%%%%%@ -o wordlist.txt


    I have not covered any other wordlist generators, but you could think of JTR for instance as well.

    My preference (and familiarity) is with crunch though.

    ReplyDelete
  88. Hi again Tape
    I can't return back to your blog :)
    I have suggestion about your next article
    your covered how we can create our own password list in this article, why you not cover how we can use our password dictionary list with airolib-ng and ... to make pre-calculated hash file for easier WPA/WPA2 cracking ? ( it's really useful, isn't it? )

    ReplyDelete
  89. Hey Saeed,
    Actually that request has come up a few times,

    I considered it to be a bit too basic to dedicate a post to it,

    However, now I may just do it for clarity's sake :D

    ReplyDelete
  90. Hi TAP
    First of all thanks for reply,
    My recent Experience may help you
    a few days ago i decided test airolib-ng to create pre-calculated hash ( for all of 8 digit numbers ) after 6 hours the completed progress was 1% !! it really bad for me so i decided to test Pyrit .
    my experience with pyrit show me this program is really better than airolib because it did this scenario in 20 hours
    P.S : My CPU is Core I7 920
    RAM : 6 GB DDR3
    & and i didn't have GPU Power !

    ReplyDelete
  91. Hi.TAPE.......my questn..
    i got the WPA handshake file and I saved it in my PEN DRIVE....So can i use this WPA handshake file next time directly from "aircrack-ng" command, for cracking the password..

    ReplyDelete
  92. Please try to keep the comments relevant to the blogpost topic...
    ------------------------------------------------------------------

    Sure thats possible, when you save the .cap file to a pendrive, you just use the location of the that in aircrack ;

    aircrack-ng -w password.lst -e essid /path/to/pendrive/wpa.cap

    ReplyDelete
  93. Hi men,
    I would like to know if it's possible to "start" o "end" crunch from a determined point, cause i've stopped a search almost when it was at half of progress so i would like to start from this..
    For example, i would like to start from 56782345 so it will be:
    56782345
    56782346
    56782347
    56782348
    56782349
    56782350
    56782351
    ...
    ...
    60000000
    60000001

    And so on.. so I can also split the work on one or more computer..

    Thanks..

    ReplyDelete
  94. Hey there,

    You should be able to do that by starting from a startblock using the -s switch (I see I neglected to cover that in my post... whoops :D )

    ./crunch 8 8 -t %%%%%%%% -s 56782345 -o numbers_continued.txt

    ReplyDelete
  95. Hi Tape, when using the -p option in Crunch it just seems to write to the screen, and the -o option doesn't seem to work when specifying an output file (it just takes that text and adds it to the word being worked on - eg "./crunch 1 1 -p FAST-SLOW -o test" produces an odd result). Is there an easy answer to generate a file? Thanks.

    ReplyDelete
  96. hi tape..
    when'll we be able to hack WPA/WPA2 password without dictionary/password list??????

    ReplyDelete
  97. Hey, regarding the -p option;
    The -p option needs to be the very last option entered in he command line ;

    ./crunch 1 1 -o test -p fast slow hyper
    should work as expected.

    Hope it helps !

    ----

    As for the WPA question, what does this have to do with crunch ? Keep the comments relevant to the blogpost please.

    ReplyDelete
  98. Hi ... thanks for every help you give to everyone =)

    So after I wanted to generate a list of 8 letters all in down case ... it was around 1750Giga !! that's really too much I mean it's just 8 letters and only down cases not like 16 or 26 ... is there any other solution .... ?

    Thank you. I'm William (:

    ReplyDelete
  99. Hey William,

    Well, the size is what it is, cannot change it !

    You are looking at creating a list of 8 characters
    in each and every combination using 26 letters.. thats a lot of data..

    If you dont know a pattern which you could use to reduce wordlist size, then no other alternative !

    ReplyDelete
  100. hahaha thanks a lot dude !!
    actually I do know something all the words are in down case ^^ ... kidding ...

    so the password is this "afyadvtc" yes I know it already I just wanted to see if I generate a list with all the random 8 letters in downstairs how would it look ...

    Well Thank you for the time and the answer. =)

    ReplyDelete
  101. How long would it take to generate a wordlist with mixalpha-numeric-all and min of 8 and max of 10? I am getting a RIDICULOUS amount of data like in the trillions of gigabytes.. is that correct?

    ReplyDelete
  102. I don't kow the exact figure, but it is too much for you pc to handle for sure :)

    ReplyDelete
  103. So are you saying that if I wanted to generate a wordlist with let's say.. "./crunch 8 8 -f wordlist.lst mixalpha-numeric-all" is that even practical?

    ReplyDelete
  104. No its not practical at all.

    Using ;
    ./crunch 8 8 -f charset.lst mixalpha-numeric-all-space
    Would result in a file of 55607258 GigaBytes...

    How on earth can you use that ?

    A couple of gigabyte.. OK, that many.. no sir..

    ReplyDelete
  105. HI, TAPE...
    CAN U GUIDE ME THT HOW TO SPLIT 1GB WORD LIST/DICTIONARY INTO 10MB/50MB SIZE?.

    ReplyDelete
  106. Hey Kasoori,

    I would suggest you look into using the 'split' command, splitting the file based on line count (to avoid any splits harming words)

    Try the following ;

    split -d -l 3000000 wordlist.txt newfile

    The above will split the wordlist into files with a a prefx of 'newfile' followed by numbers.

    Each new file will not contain more than 3000000 lines.
    (actual size will vary depending on the length of passphrases)

    Hope the above helps.

    ReplyDelete
  107. hello tape,
    i'm trying to show my friends how insecure a common way our local internet provider makes our passwords. i have a list of top 1000 names in the USA. basically here they put the first initial of the customer then the last name and a 4 digit number
    example
    @Smith@@@@
    I'm trying to find a way to pipe the password list i have threw to make the new list. even if i have to do it twice it would still be faster then typing each password of the 1000. thanks for you time!!!

    ReplyDelete
  108. Heey TAPE,

    Good tutorial about Crunch. It was very easy to follow. Sorry for my English 2. I´m from the Netherlands, haha.:)

    ReplyDelete
  109. Hey Nico,

    Glad you liked it !

    Please note that best to follow the latest post on crunch v3.0 which is more upto date.

    Laters ! - TAPE

    ReplyDelete
  110. What if i think the password is a concatenation of some words. Not more than 3 deep. I hope you understand what I mean.

    Let's say i think the password is made up from these words:

    streetname
    postal
    number

    I want a program to create these words:
    streetname
    streetnamepostal
    streetnamepostalnumber
    streetnamenumber
    streetnamenumberpostal
    postal
    postalnumber
    postalnumberstreetname

    etc.

    When I use crunch it always makes very large passwords. I can't use them.

    cupp is better I think. It generates short passwords and longer passwords but I am not sure if it makes ALL combinations i require.

    Someone an idea how to get my list which uses about 10 words as input and generate passwords from 8 length up to any size as long as the password does not consist of a concatenation of more than 3 words ...

    ReplyDelete
  111. This is what I am looking for!
    http://www.softwarebee.com/download/the-permutator.html

    Is a tool available which can do this?

    ReplyDelete
  112. For both the above anonymous posters..

    Do a google on combining wordlists.

    Also, please note that this post is obsolete.

    Crunch has evolved to v3.1 by now, best check out the latest post.
    I will have a look later, but you are simply looking at combining 1 wordlist with another.

    ReplyDelete
  113. For info or requests on manipulating wordlists I would request that you post your queries in the post ;

    http://adaywithtape.blogspot.com/2011/07/wordlist-manipulation-revisited.html

    That's where I would like to have these types of queries posted.

    ReplyDelete
  114. hello,if you cant help me with this problem...When I minimize a window and disappeared from the bar, i do not know what to do if you know anything please tell my a solution if you now,bye bye

    ReplyDelete
  115. ALT + TAB ?

    Also dont really see how this is related to crunch...

    ReplyDelete
  116. I posted here because I saw that you are professional in this operating system. "alt + tab" function, but still do not understand wher is going why give away "minimize window". do not know where everything disappears.: (thx for the answer respect

    ReplyDelete
  117. Haha :D

    I am flattered, however I am VERY much a beginner with linux and the OS BackTrack..

    To be honest I cannot understand why the window would minimize or disappear without user interaction.. it makes no sense to me.

    Without knowing your specific OS / type difficult to provide an informed answer.

    Further, I really do want to try to keep the comments related to the post in question, not on general OS information.

    ReplyDelete
  118. hi guys, how can generate this wordlis
    charset = [abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789@#%*()-_+=~[]{}\:;<>,.?/]


    Passwords must contain at least 6 characters and max 10.
    All passwords must start with a letter.
    Passwords must contain at least one numerical character.
    Passwords must contain at least one special character.


    Thanks in advance

    ReplyDelete
  119. crunch v2.4 has been superceded by a couple ofversions and as such please refer to the post on crunch v3.0.

    When you post your comment there, also mention;
    > whether the words should start with upper, lower or either case.
    > if there is any fixed position for the number and special character.

    ReplyDelete
  120. excyse me if i dont know that with how many characters use wifi password is there some tricks that can i check it? i dont know password lenght and i wanna to make password list i cant try all combinations:)
    thanks

    ReplyDelete
    Replies
    1. Hey,

      There is no trick to figure out password length..

      Delete
  121. Hallo Tape,

    Would like to ask if it’s possible to make list of 13 characters containing letters and numbers but the lines should contain no more than 2 same characters next to each other and no more than 5 same characters in the whole line.

    Thank you,

    ReplyDelete
  122. I'm trying to figure out how to create a numeric list of all possible dates for, say, the last 50 years. Examples 12302011, 12312011, 01012012, 01022012 etc. Any idea how to do this? Thanks!

    ReplyDelete
    Replies
    1. I wrote a script called datelist, which you can find in a later
      blogpost here on the log.

      That will do exactly what you want.

      Delete
    2. http://adaywithtape.blogspot.nl/2011/03/creating-date-wordlist.html

      Delete
  123. hey...i like ur article
    but i want to create the list of 8 digits and 16 digits containing (uper case, lowercase alpha + numeric + special char. !,@,#,$,%,^,& ) with randomly all possible combinations....

    PLZZZ....HELP ME OUT..

    ReplyDelete
    Replies
    1. You dont have enough storage to handle that.

      Delete
  124. how much storage needed for that and plz..help me out this is very important to me to create these combinations

    ReplyDelete
    Replies
    1. lowercase+uppercase+numeric+special chars == 95 characters (on normal US keyboard)

      Total number of possibilities on a 8 character passphrase using all 95 characters ;
      6634204312890625
      Size;
      55607258.170 GB

      For 16 character passphrase you would need 696829833749683281578342.075 GB storage .. so yeah..

      Delete
  125. ohh..noo...?
    then tell me if u knw about any method faster than brute force attck..
    and also if u knw anything about FTP hack...

    Thanx...:)

    ReplyDelete
  126. Hi Is this possible
    ./crunch 10 10 -f charset.lst numeric -t shroot@@@@

    I only want to generate all possible combinations of years after shroot from 1900 to 2013

    what should I do to get this to happen in crunch please

    ReplyDelete
    Replies
    1. First of all make sure you are running the latest version of crunch.
      (the -e switch only came into play as from v3.1)

      ./crunch 10 10 -t shroot%%%% -s shroot1900 -e shroot2013

      Delete
    2. And checkout the later post on crunch I made ;

      http://adaywithtape.blogspot.nl/2011/05/creating-wordlists-with-crunch-v30.html

      Delete
  127. Hi,
    I'm running BT5r3-KDE-32bits and Windows 8.

    I'm looking for a way to generate an alphanumeric sequence in BT containing letter-number combinations up to 10 characters long without having the same letters or numbers appearing side-by-side - and save it to a text file or lst file.

    when I use crunch wordlist genrator it generates alphanumeric sequences containing all possible combinations of letters and numbers from a given a character set - great if you want all possible combinations - bad if you don't want a lot of CCCCDDDDD or TTTTEEEEE.

    I only want to produce an alphanumeric sequence containing different letters and numbers side-by-side.

    For example,
    BADELF26 - Acceptable
    3H8E5E81 - Acceptable
    CTFFF29E - Not Acceptable
    CLE3C77N - Not Acceptable

    Any help with this matter would be greatly appreciated.

    ReplyDelete
    Replies
    1. Have a look at the more recent post on crunch I made here ;
      http://adaywithtape.blogspot.nl/2011/05/creating-wordlists-with-crunch-v30.html

      And look at the new -d option.

      This switch limits the number of consecutive repeated characters and should do what you want.

      Delete
    2. Hmm, actually I see I didnt include any instructions or advice on the new -d switch, but if you read the manpage of the latest crunch you will find examples of how to use the -d switch.

      Delete
    3. hi tape i would like to know how to use crunch code to crack a really long password containing a to z alpha mixed with numbers and i know for sure it has more than 30 charachters, ive been looking for a code on google but i cant find any. help please

      Delete
    4. Bruteforcing a thirty character alpha-numeric password ?!

      I think you need to read more of my posts, specifically the one on wordlist sizes...

      Delete
  128. I was wondering. My router password has 12 lowercase-alpha characters. It is just a single word comprised of 4 letters repeated 3 times. How can I direct crunch to make a word list of words repeating any given amount of times. I am aware of the size it would take. However, I want to learn how this can be done. Thank you for your time. Example of password: looklooklook

    ReplyDelete
    Replies
    1. Hi there,
      well you cant really use crunch directly for that, however it is easily accomplished with a line in bash.

      Say you have a wordlist with all 4 characters words called words4.txt
      four
      sh1t
      look
      test
      one1
      two2
      dear
      deer
      why?
      what
      f*ck

      In bash you could then do :

      for i in $(cat words4.txt) ; do echo $i$i$i ; done > words12.txt

      Now you would have a wordlist called words12.txt containing;
      fourfourfour
      sh1tsh1tsh1t
      looklooklook
      testtesttest
      one1one1one1
      two2two2two2
      deardeardear
      deerdeerdeer
      why?why?why?
      whatwhatwhat
      f*ckf*ckf*ck


      Hope that helps.

      Laters - TAPE

      Delete
  129. Hi,
    I was wanting to generate passwords for a router that has 10 characters. These characters are a mixture of uppercase letters and numbers. For example possible passwords could be:A155279C57 or 9J654GU82F

    Thanks

    ReplyDelete
    Replies
    1. And the above post in all its glory did not show you how to do exactly that ?!


      ./crunch 10 10 ABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789 -o BIG_List.txt

      The list output will likely be to big to be practical.

      Delete
  130. hi, i'm piping crunch into aircack-ng and was wondering if there was an option to shorten the bruteforce to more practical passphrases? for example a 14 character passphrase isn't likely gonna be 00000000000001, 00000000000002, etc. so is there a command to exclude passphrases that has more than 2 of the same characters side by side?

    ReplyDelete
  131. In the latest crunch you can specify the number of consecutive characters you want to allow.

    ReplyDelete
  132. if iwant to create 6 digit number but i want to fix the first number with 1,5,7,9 how can i do example 1@@@@@,
    5@@@@@,
    7@@@@@,
    9@@@@@
    please help me

    ReplyDelete
  133. What about when you want combinations of a string but in the order the characters of the string appear, eg combinations 3 of ABCD : ABC ABD ACD BCD . In math if i'm not mistaken, this is called combination and when you have mixed order permutation.Can it be done in crunch?

    ReplyDelete
  134. hi gays how to make alpha-num worldlist but fix last four numbers
    xemp;
    12ZE341E00
    3ZER451E00
    ARE3451E00
    plz how to fix 1E00

    ReplyDelete
  135. Hi there. I am new to Crunch and am trying to create a word list for a 9 character password with 6 lowercase and 3 digits in an unknown order. If I have read correctly, if I do -t @@@@@@%%% it will yield words in that particular order, for example:

    abcdef123
    bcedlk678

    The problem is I don't know where the digits go. Any help is appreciated.

    ReplyDelete

 
Google Analytics Alternative