Thursday, February 12, 2015

Wordlists With Crunch


This tutorial introduces a Backtrack application called Crunch. In a nutshell, Crunch is a wordlist generator: you specify a standard character set or a customized one, and Crunch builds your wordlist from it. Crunch can generate all possible combinations and permutations. It is mainly used for brute-force attacks and WPA/WPA2 WiFi cracking. In this tutorial I explain some of its main features, options and settings.

►How to Download, Extract and Install

Open up a terminal and type (you can Google "Download Crunch" and copy-paste the URL instead of typing):

»wget http://sourceforge.net/projects/crunch-wordlist/files/crunch-wordlist/crunch-3.4.tgz

Once downloaded, we need to extract it.

»tar xvf crunch-3.4.tgz

Now we need to get into the extracted directory and actually install it. Type:

»cd crunch-3.4/

To compile and install, type the following two commands one after the other:

»make
»make install

►How to use Crunch
Once installed, we can start generating our wordlists right away. Let's start with a basic example:

»./crunch [minimum length] [maximum length] [charset / extra options]

For example:
»./crunch 1 5 abc123 -o wordlist.txt

First we specify that we are using Crunch by typing "./crunch" (its directory). After that we specify a minimum length of 1 and a maximum of 5. The "abc123" are the characters that we want the wordlist to contain. The -o [filename] option saves all generated combinations to a simple text file. When you press Enter on the above command, you will see some calculations that Crunch performs using basic rules of permutations and combinations. It will tell you how much space will be required and the number of lines (or words) the text file will consist of. It will also report its progress as it creates the wordlist.

Similarly, just by using a modified version of this example, we can create a wordlist containing all possible phone numbers. Depending on where you live, say if the phone numbers are 10 digits long, you can set both the minimum and maximum length to 10.
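
The space and line-count figures mentioned above can be estimated before generating anything. The following is an added example, not part of Crunch or of the original post; the function name estimate is hypothetical, and it assumes single-byte characters, a charset without repeated characters, and one newline per word:

```shell
#!/bin/sh
# Added example (not part of crunch): estimate how many lines and bytes
# "crunch MIN MAX CHARSET" would produce, without generating the list.
# Assumptions: single-byte characters, no repeated characters in CHARSET,
# every word followed by one newline.

MAX_INT=9223372036854775807   # shell arithmetic is signed 64-bit

# estimate MIN MAX CHARSET  ->  prints "<lines> <bytes>", returns 1 on bad input
estimate() {
    min=$1 max=$2 n=${#3}
    if [ "$n" -eq 0 ] || [ "$min" -lt 1 ] || [ "$max" -lt "$min" ]; then
        echo "need a non-empty charset and 1 <= MIN <= MAX" >&2
        return 1
    fi
    words=1 lines=0 bytes=0 len=1
    while [ "$len" -le "$max" ]; do
        # stop instead of printing a wrapped-around (overflowed) number
        if [ "$words" -gt $((MAX_INT / n / (len + 1) / 2)) ]; then
            echo "result does not fit in 64 bits" >&2
            return 1
        fi
        words=$((words * n))                       # n^len words of this length
        if [ "$len" -ge "$min" ]; then
            lines=$((lines + words))
            bytes=$((bytes + words * (len + 1)))   # +1 for the newline
        fi
        len=$((len + 1))
    done
    echo "$lines $bytes"
}

# The two cases from the text: the abc123 list and 10-digit phone numbers.
estimate 1 5 abc123
estimate 10 10 0123456789
```

The second call shows why the phone-number list deserves a size check first: ten billion lines come to roughly 110 GB on disk.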

Apart from that, when setting up the character set, symbols must be escaped with a backslash "\". That is, whenever you want to use a symbol in your wordlist, put a backslash in front of each symbol so that the shell does not get confused. (You don't need to do this for numbers and letters.)

For example:

»./crunch 1 5 abc\!\*\( -o wordlist.txt

In this example, the backslashes do not end up in the wordlist: the shell strips them, and Crunch uses the symbols that follow them in making the wordlist.

Moving on, permutations of words, letters, numbers and symbols can be created by using the -p switch.

»./crunch 0 0 -p a b c

The above will create:

abc acb
bac bca
cab cba

Although a little knowledge of basic mathematics helps here, it is fairly easy to understand. The permutation option differs in just one thing: it doesn't allow repeating characters. While setting your character set normally throws in every character in every possible place, you can use permutation if you are certain that you don't want repeated characters. One thing you might have noticed is that we still need to set the min/max length even for a permutation. As in this example, just using 0 as the length will get you the required list without any problems (it simply uses everything it has). You can always set it according to your preference.

[Math, you can skip this]
In that example we used 3 words, which will be a permutation of three. So that's 3 objects taken 3 at a time.
In other words 3(P)3 = 3*2*1 = 6 possible combinations (without any repeating). For our purpose, we can simply think of it as a factorial.

►Splitting generated combinations into separate lists with predefined size:

If you ever need to, Crunch provides an option to create several lists, each of an exact size. For this purpose we have the -b switch, which sets the size of each file. So whenever Crunch generates combinations that exceed, for example, 10mb, it will place the next word into a separate file and go from there.

»./crunch 1 8 abcdABCD -b 30mb -o START

This will split all the generated combinations of "abcdABCD" into separate files, none exceeding the size of 30mb.

As always, practice is the key. This is another one of those things which you don't quite get the hang of until you actually rub noses with it. If you ever have a doubt as to what any command does, the best way to find out is to just try it out. Take a look at the help menu or the official documentation for all the options, and try out as many combinations as you can.
