Hello learners, in our previous guide we learned how to use hashview to crack password hashes from a predefined wordlist. In this guide, we will learn how to use Crunch, an open source tool, to generate wordlists containing possible password combinations. Cracking hashes or attempting a brute-force attack with wordlists available online, such as SecLists, may prove unfruitful in our attempt to recover passwords. This is where Crunch comes in. Crunch is helpful when we have a clue of what the password looks like.
Requirements
- PC running Kali Linux.
- Knowledge of using the terminal.
- Have a clue about the possible password structure.
Crunch wordlists generator
Crunch is a utility that comes preinstalled on various Linux distros. Security professionals use Crunch to generate wordlists tailored to their needs while cracking passwords. Some of the features of Crunch include:
- Crunch can generate wordlists as both permutations and combinations.
- Crunch pattern supports the use of numbers and symbols.
- Runs on both Windows and Linux.
- A user can add a status report while generating multiple files.
- It can break up output as defined in the command, i.e. by file size or by the number of lines.
- You can resume wordlist generation.
- Has a new -l option for literal support of @,%^
- Has a new -d option to limit duplicate characters.
- It has Unicode support.
- Crunch patterns can support upper and lower case characters separately.
Installation
To install Crunch on Kali Linux, we run the command:
sudo apt-get install crunch
To see if Crunch has been installed, we can run the command:
crunch
How to use Crunch as Wordlist Generator
Crunch options
Crunch has options that we can use to generate wordlists that fit our needs. These options are:
- -b: specifies the maximum size of the wordlist.
- -c: specifies the number of lines to write to the wordlist.
- -d: limits the number of duplicate characters
- -e: stop generating words at a certain string
- -f: specifies a list of character sets from the charset.lst file
- -i: inverts the order of characters in the wordlist
- -l: allows the literal interpretation of %,@^ when using -t
- -o: specifies the output wordlist file
- -p: prints permutations without repeating characters.
- -q: Like the -p option but it reads the strings from a specified file
- -r: resumes a previous session (cannot be used with -s)
- -s: specifies a particular string to begin the wordlist with
- -t: sets a specific pattern of @,%^
- -z: compresses the output wordlist file, accompanied by -o
The pattern given to -t uses the following placeholder characters:
- @ represents lowercase letters
- ^ represents special characters
- % represents numbers
- , represents uppercase letters
Generating passwords using crunch
Crunch allows us to generate wordlists containing at least a numerical value and an alphabetical value. To generate such combinations using Crunch, we run the command:
crunch <min> <max> <character set> -o <outputfile>
Where min is the minimum password length, max is the maximum password length, the character set is the set of characters to use for generating the passwords, and the output file is the file in which we want to save the generated passwords.
Generating alpha-numeric wordlist
In some cases, people prefer using both letters and numerals in passwords. When generating passwords for such cases, our charset will contain both numerals and letters as shown below.
As shown in the image above we have generated 335,664 possible passwords.
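The size of a wordlist follows directly from the lengths and the character set, so it can be worked out before anything is generated. The following is an added example, not part of the original guide or of Crunch itself: it computes the number of candidates and the output size for the `<min> <max> <character set>` form and for -t patterns. The function names, the sample inputs, the guess rate and the symbol set used for ^ (Python's string.punctuation) are assumptions; the constructed 6-character set at lengths 4 to 7 reproduces the 335,664 count, though the guide's own command is not shown.

```python
import string

# Placeholder characters as listed for -t in this guide. The symbol set
# behind ^ is an assumption (string.punctuation); pass your own if it differs.
PLACEHOLDERS = {
    "@": string.ascii_lowercase,
    ",": string.ascii_uppercase,
    "%": string.digits,
    "^": string.punctuation,
}


def charset_keyspace(min_len, max_len, charset):
    """Distinct candidates and output bytes for: crunch <min> <max> <charset>."""
    if min_len < 1 or max_len < min_len or not charset:
        raise ValueError("need 1 <= min <= max and a non-empty charset")
    n = len(set(charset))  # repeated characters add no new candidates
    words = size = 0
    for length in range(min_len, max_len + 1):
        count = n ** length
        words += count
        size += count * (length + 1)  # each word plus its newline (ASCII)
    return words, size


def pattern_keyspace(pattern, placeholders=PLACEHOLDERS):
    """Distinct candidates and output bytes for a -t pattern."""
    if not pattern:
        raise ValueError("pattern must not be empty")
    words = 1
    for ch in pattern:
        # A placeholder contributes its whole set; anything else is a literal.
        words *= len(placeholders.get(ch, ch))
    return words, words * (len(pattern) + 1)


def hours_to_exhaust(words, guesses_per_second):
    """Worst-case time to try every candidate at a given guess rate."""
    return words / guesses_per_second / 3600


if __name__ == "__main__":
    # Constructed inputs: a 6-character set at lengths 4-7, and patterns of
    # a fixed word or letters followed by two digits. The rate is hypothetical.
    for label, (words, size) in [
        ("charset abc123, 4-7", charset_keyspace(4, 7, "abc123")),
        ("pattern pass%%", pattern_keyspace("pass%%")),
        ("pattern ,@@@@@%%", pattern_keyspace(",@@@@@%%")),
    ]:
        print(f"{label}: {words:,} words, {size:,} bytes, "
              f"{hours_to_exhaust(words, 1_000_000):.4f} h at 1e6 guesses/s")
```

A fixed word followed by two digits yields only 100 candidates, which is why a password policy that accepts a known word with a short numeric suffix offers little resistance once the structure is guessed.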
Using permutation for generating a wordlist
In a case where we are sure a certain phrase is used in a password we want to crack, we can use the -p flag to specify the phrase used so as to include it in our generated wordlist. Crunch also allows us to include more than one phrase while we generate wordlists. Permutations should be separated by a space in between as shown in the image below.
Generate wordlists with limited words
Crunch has an option that allows us to generate wordlists up to a specified number of lines, for example when we only need the first 100 lines out of 1000 possible passphrase combinations. To achieve this, we specify the number of lines by adding the -c flag after the character set, followed by the number of lines we want, as shown in the image below.
Generate wordlist with a specific pattern
Some people may prefer using passwords that have a specific pattern. For example, a password with a phrase followed by numbers. Crunch provides an option to generate wordlists containing such passwords by specifying the pattern while generating the possible passwords using the flag -t. To do this, we use the special characters we discussed above. For example, in a case where a user has a password as a phrase followed by one number or more, we may use the following command.
Wordlist fragmentation
The wordlist fragmentation option is useful when the generated wordlist is large, spanning several megabytes or even gigabytes. Using the -b flag while we generate wordlists will split the output into several files, depending on the maximum size we have set for each wordlist file, as shown in the image below.
From our working directory, we can see several wordlists we have generated.
While using the -b flag to split the wordlist files, we are required to add START after the output flag (-o).
Generating compressed wordlist
A compressed dictionary may be required when we generate a wordlist with a very large size or when we want to transfer the wordlist for use on another PC. To compress the generated wordlist, we add the -z flag and specify the kind of compression we want: bzip2, gzip, 7z or lzma.
Conclusion
In the above guide, we have learned different techniques we can use to generate wordlists containing possible password combinations depending on the nature of the password we want to crack. Using Crunch, we are able to generate wordlists that fit our needs, saving us a lot of time. Crunch can be used to generate possible password combinations, although its efficiency depends on whether we have a clue of the structure of the password we want to generate a wordlist for. Using Crunch and hashview, we can crack hashes of many common passwords.
Hi. How to make a password repeat a character no more than a certain number of times? For example, so that the % symbol in the password is repeated no more than 2 times?
Hi, you can use the -d flag to limit the number of duplicate characters.