Crunch Kali Linux

In order to hack a password, we must test a large number of passwords until we find the one that works. When an attacker attempts to crack a password using hundreds or millions of words or character combinations, there is no guarantee that any of those millions of possibilities will work. This collection of different combinations of characters is known as wordlists. And to crack a password or hash, we will need a solid wordlist that can crack the password. To do so, we have a tool in Kali Linux called crunch.

Crunch

Crunch is a wordlist generator where we can specify a standard character set or a character set we specify. Crunch can create all feasible combinations and permutations based on given criteria. The data generated by crunch can be shown on the screen, saved to a file, or piped to another program.

It is very crucial tool for generating a possible word list of any password. In Kali Linux, the crunch tool is available for free. This program supports numbers and symbols, upper and lower case characters separately Unicode.

Features of Crunch

The following are the features of Crunch:

Crunch creates wordlists in both combination and permutation ways.
Crunch can divide output by a number of lines or file size.
Crunch now has resume support.
Now pattern supports numbers and symbols
Now pattern supports upper and lower case characters separately
Add status report when generating many files.
New -l option for literal support iof @, %^
New -d option to limit duplicate characters; see man file for details.
Now had Unicode support.

Why do We Need a Crunch Tool?

A dictionary file is required during the password attack; Dictionary files are text files containing many commonly used passwords. These passwords are frequently used with password-cracking tools. However, sometimes users are very intelligent. They use smart passwords like javatpoint@123 and mobile numbers. The dictionary file does not include these kinds of passwords. Now we need a crunch tool, which hackers frequently use to generate passwords.

Crunch Help

Usage:

Where min and max are numbers

Crunch can generate a wordlist depending on our parameters. Crunch's output can be transmitted to the screen, a file, or another program.

The following parameters are required:

min-len

The min-len is the minimum length string which we wish crunch to start at. This option is essential even for parameters which will not use the value.

max-len

It is the maximum length string which we need crunch to end at. Even though the value will not be used, this option is essential.

charset string

We can specify character sets for crunch to use on the command line, and if we leave it, blank, crunch will use the default character sets. The order should be lower case characters, upper case characters, numbers, and then symbols. If we do not follow this order then we will not get the desired output. We have to specify the values for the character type or a plus sign.

Note: If we need to comprise the space character in our character set we have to escape it using the \ character or enclose our character set in quotes means "abc".

How to Install Crunch in Kali Linux

We have to use the following command in order to install crunch in Kali Linux:

In order to check the installation, we have to type the following command:

This command displays the crunch tool's initial page, which checks the tool's installation.

How to Create Custom Wordlist using Crunch on Kali Linux

Wordlists are a key part of brute force password attacks. For those readers which are not familiar, a brute force password attack is an attack in which an attacker uses a script to repetitively attempt to log into an account until they get a positive result. Brute force attacks are quite obvious, and they can result in a well-designed server locking out an attacker or their IP address.

This is why it's important to test the security of log-in systems in this manner. Attackers who attempt these attacks should be banned, and the additional traffic should be reported to our server. Passwords must be more secure on the user end. In order to establish and enforce a strong password policy, it's critical to understand how the attack is carried out.

Kali Linux includes a handy tool for generating wordlists of arbitrary length. Crunch is a straightforward command-line utility. It has a simple syntax and may be readily customized to meet our requirements. However, be aware that these lists can grow rather huge and quickly occupy an entire hard drive.

We have to follow the following steps in order to create a custom wordlist:

Step 1: In order to a create custom wordlist, first we have to start our Kali Linux, open the terminal, and then type Crunch to check crunch is installed or not and it is the most current version.

Step 2: We will use the command man command to view the crunch manual and options available.

Step 3: Crunch has the following fundamental syntax:

min= The minimum password length.
max= The maximum password length.
characterset= It is the character set to be used in generating the passwords.
-t <pattern> = The specified pattern of the generated passwords. This word generates passwords with lengths of up to 11 characters (7 variable, 4 fixed), all ending in 0728.
-o <outputfile>= This is the file which we wish our wordlist written to.

Step 4: In order to generate simple wordlists, we have to type crunch <min>max<max>

Example

When we execute this command, crunch assesses the size of the file (1463 TB) and then starts generating the list.

What if we knew the target always used number passwords between 6 and 8 characters? We might get a comprehensive list of password alternatives that fulfill these conditions. And send them to a file in the user's directory called number8.lst by typing:

Step 5: We can use the following command if we know the target's password is 8 characters long and ends with 1 & 2:

Crunch Options

-b number[type]

It specifies the size of the output file, and it only works if we used -o START means 60MB. The output files will be in the format of starting letter-ending letter, for example:

This command will generate 4 files: aaaa-gvfed, gvfee-ombqy.txt, ombqz-wcydt.txt, wcydu-zzzzz.txt valid values for type are kb, mb, gb, kib, mib, and gib. The first three categories are based on 1000, while the following three are 1024-based.

NOTE: There is no space between the number and type. For example, 500mb is right, but 500 mb is not.

-c number

This option will specify the number of lines to write to the output file; it will only work if -o START is used, i.e., 60 the output files will be in the format of beginning letter-ending letter for example:

./crunch 1 1 -f /pentest/password/crunch/charset.lst mixalpha-numeric-all-space -o START -c 60

Would produce two files: 1-7.txt and 8-.txt/ the reason for the slash in the second file name is that last character is a space, which ls must escape before printing. We have to put in the \ when specifying the filename because the last character is a space.

-d numbersymbol

This option will limit the number of duplicate characters. -d 2@ limits the lower case alphabet to output such as aab and aac. Because aaa is made up of three consecutive letters of the alphabet, it will not be generated. The format is number then symbol where number is the maximum number of consecutive characters and symbol is the symbol of the character set we need to limit, e.g., @ percent.

-e string

This option will specify if crunch should stop early.

-f/path/to/charset.lst charset-name

Specifies a character set from the characterset.lst.

-i

Inverts of output so instead of aaa,aab,aac,aad, etc we get aaa,bca,caa,daa,aba,bba, etc.

-l

If we use the -t option then this option tells crunch that symbols must be treated as literals. We'll be able to use the placeholder as letters in the pattern as a result of this. The -I and -t options should both be in the same length.

-m

This option will be merge with -p. Please use -p instead.

-o wordlist.txt

Specify the file in order to write the output to, e.g. wordlist.txt.

-p charset OR -p word1 word2?

We used this option to generate words that do not have repeating characters.

-q filename.txt

This option tells crunch to read filename.txt and sort what is read. This is similar to the -p option, but the input comes from filename.txt.

-r

This option tells crunch to resume generating words from where it left off. This option only works if we use it with -o. We should use the similar command to the original command that we used to generate the words. The -s option is the only exception to this -s option. If we used the -s option in our original command, we should remove it before continuing the session. Simply add -r at the end of the command.

-s startblock

This option will specify the start string. For example, 03god22fs.

-t @,%^

This option will specify the pattern. For example, @@abc@@@ where only the @'s, ,'s, %'s, and ^'s will change.

@ will insert the lower case characters
, will insert the upper case characters
% will insert the numbers
^ will insert the symbols

-u

The printpercentage thread is disabled by the -u option. This must be the last option.

Generating Wordlist without Using the Character String

Execute the command below to create a dictionary with a minimum of 2 and a maximum of 3 character letters using default character sets. It will begin with the letter aa and end with the letter zzz.

For generating a dictionary, we utilized the following parameters:

Min_len: 2 for two character letters
Max_len: 3 for three character letters
-o: - This option is used to denotes the path in order to save the output in a text file.

We can see from the image below that it generated 18252 lines and saved them in the 0.text file.

Now, here we used the cat command in order to read the content inside the 0.text file, where we can see that is starts with aa and ends with zzz, as shown in the image below.

Generating Wordlist Using the Character String

Now run the following command in order to generate a dictionary that contains at least 3 characters letters and up to 4 character letters. It will also begin with sss and nnnn.

Now we can see from the image below that it generated 108 lines and saved them in the 1.text file.

Now we've used the cat command in order to read the contents of the 1.text file from the inside, and we can see that it starts with sss and ends with nnnn.

Similarly, we can create a dictionary with numeric characters using any string of any number.

For Example, Some users use their date of birth as a password, and we'd want to create a dictionary that has a combination of four numbers which indicate month and date, for example, 26^th June as 2606. We can produce a numeric wordlist using "2606" as a character string.

Generating alpha-numeric Wordlist

We can create our own alpha-numeric wordlist by using the command below, which will create a dictionary with at least 2 and up to 3 character letters using "sun123" as the specified string.

We can customize the length of our wordlist by setting a minimum and maximum length.

We used the cat command in order to read the contents of the inside 3.text file, which appears to contain a mixture of alpha-numeric characters

Use Permutation for Generating a Wordlist

If we want to use permutation to generate a wordlist, we have to use the -p option. In this, we can ignore the min and max length of the character string. Furthermore, as seen below, we can use it with a single word sting or a string of many words.

From the below image, we can analyze the output result and get the maximum number if permutations generated.

Generate a Dictionary with Limited Words

If we look at the output results above, we will notice that crunch has generated a dictionary and displayed the number of lines for each dictionary. For example, text file 0.text comprises 18252 number of lines, and each line includes one word only.

So, we can execute the following command if we want to set the filter for a specific number of lines.

We will only generate a dictionary of 25 words and save the output in 8.txt.

We again used the cat command to read the content from an inside 8.txt file, which contained only 25 alpha characters.

Wordlist Fragmentation

For wordlist fragmentation, we can use -b option, which breaks a single wordlist into multi wordlist. It's a really useful tool for breaking down a GB wordlist into MB chunks.

The below image shows that it has divided a 7MB file into three text files.

Generated Compressed Dictionary

With the help of the crunch, we are able to generate a compressed wordlist with option -z ,and other parameters are gzip, bzip2, lzma, and 7z; we have to execute the below command for compression.

We can see in the below screenshot that it has generated the compress text file.

Generate Wordlist with Specific Pattern

Crunch offers -t option to generate a wordlist using a particular pattern based on our requirement.

With the help of the -t option, we can generate 4 kinds of patterns as we specified below:

Lowercase alphabets: With the help of the @, we can generate the pattern of lowercase alphabets.
Uppercase alphabets: With the help of the , we can generate the pattern of uppercase letters.
Numeric character: With the help of the %, we can generate the pattern of numeric characters.
Special character symbol: With the help of the ^ we can generate the pattern of a special character symbol.

In order to generate a wordlist that includes 6 numeric characters on the right side of the string "preeti" for example, preeti123456, we have to execute the following command.

Because we have 6 letters from string preeti and we are assuming 6 more numeric numbers after the given string, so the minimum length must be equal to the sum of the string and pattern characters.

Here -t denotes the % pattern which is used to edit 3 numeric characters.

Again we are using the cat command in order to read the contents of the 12.txt file again, and we can see that contains a mix of alpha-numeric characters.

Generate Wordlist with Duplicate Character Limit

Crunch allows us to limit the number of times a character appears by using the -d parameters.

For example, If we need to generate a wordlist with the help of the pattern like preeti%%%%%% and want to consecutive repetition of every number thrice, we have to use the below command:

In this, we have used the following parameters:

-t :- It indicates the % pattern, which is used for editing 3 numeric characters.
-d: - It indicates the % pattern, which is used for editing 3 numeric characters with each number approximately twice repeated.

Again we are using the cat command to read the content of the 12.1txt file again, and we can see that contains a mix of alpha-numeric characters with each number repeated thrice.