Crunch making a wordlist and the count using a pattern.

None-yet

Member
Credits
701
Afternoon people people. I am trying to do something with crunch that I am thinking I have done before. If I have then for the life of me I cannot get it now. Making a user/password pair wordlist. I am aiming for -! admin" "xxxxx !- inside the !-. admin of course is the login. The 4 spaces act as the tab and the xxxxx are the random numbers, symbols, upper and lower letters.

I can do this crunch 9 9 -t "admin " -f charset.txt mix1 " however this does me no good at all.
What I need is crunch 9 16 -t "admin " -f charset.txt mix1 " which provides some spaces to run through. The plan is to run between 3 and 7 extra letters to demo how it works. The charset looks like [abc[email protected]*$?&% ]
yea I will cut it down, but this shows you enough of what I am trying to do. Problem is I am getting

The maximum and minimum length should be the same size as the pattern you specified.
min = 9 max = 11 strlen(admin -f)=9
[email protected]:/media/sf_P_DRIVE/Brute/Working# crunch 9 11 -t "admin "-f charset.txt mix1

I get whittled down till it will only do one line. If in fact I remember correctly it should be able to be done to allow me to go up a few steps in my count.
 


captain-sensible

Well-Known Member
Credits
6,832
hello @None-yet

i hope all you are doing is white hat


the nearest i can see to what your quoting is : mixalpha-numeric-symbol14

so to use that charset its along the lines:

crunch 10 10 -f /usr/share/crunch/charset.lst mixalpha-numeric-all-space

//since charset.1st lists quite a few including Swedish


//the 10 10 simply must match the pattern so one of mine as a white hat was:

-t [email protected]@@@


if you count " [email protected]@@@ " you will see its 10 char long


now with the @ will be replaced with chars from the char set.

generally you dont even need to use crunch to make admin passwords lists , since they are easy to get depending on what your looking at , but hint Wordpress sites are like "Swiss Cheese" .

I've helped one investigative journalist Ghana at least to hide the door to their admin login. They still haven't hidden their admin user name.
 

None-yet

Member
Credits
701
The caps I copied from ualpha and the rest came from lalpha-numeric-symbol14 and I took out some symbols. There shouldn't be any sweetish in that.

You said the 10/10 must match the pattern. Are you talking about the order or it cannot go over 10. Because that will really limit the admin" "xxxxx .
It will be like
admin abc12?
admin sOi204
and so on. This is one method I really need to demonstrate. And I do not think there is a way to generate this pair method other than this?

As far as finding the wordlists pairs I have not found what I need. And also I am not using strictly dictionary words. Kinda mixing some true brute forcing in as well.

After I close up for the day 6 times a month I volunteer a couple of hours per night at the library and a couple of nursing homes to teach beginners computer basics and how to stay safe online. Something I always hear from the over 65's whom have never even run antivirus on their computers because they don't know how or the importance. I want to put together a demonstration to show just a bit how passwords can be grabbed. I get tired of hearing the "no one would ever guess my password" and I want to show them the importance of mixing things up and teach how they can make a password they can remember. I mostly show the importance of backing up and how to not spill coffee on the keyboard but a couple of people have been taken for a ride the last couple of months so I was asked if I would provide some of this kind of stuff. I want to open their eyes just a bit.

Sorry, I get long winded at times.
 

captain-sensible

Well-Known Member
Credits
6,832
You said the 10/10 must match the pattern. Are you talking about the order or it cannot go over 10.
generally in crunch commands with : first int, second int

first number tells crunch minimum chars to start with in wordlist and second number the maximum you want. Other commands are quirky in that the number must match and equal the number of chars , the user DEFINES in a "pattern"
 


Members online


Latest posts

Top