generating 8 digit number password list with kali and crunch

[Swamppifi]

Hi all

I am trying to generate a 8 digit number password list for WPA cracking of a router that has pre set 8 digit key phase when supplied from the sevice provider.

I am using kali live on a 8gb usb

when I am trying to generate , it is trying to generate 90000000 lines at 985mb

it gets to 48% when it failsdue to no space left on the device

i am using the following ...crunch 8 8 -f /usr/share/crunch/charset.lst numerical -o /root/routerpassword.txt

any Ideas how i can generate a list from 00000000 to 99999999 , even if i have to split it

Swamppifi

[digininja]

Here you go, some Ruby to do it for you

#!/usr/bin/env ruby

0.upto(9) do |x|
h = File.open(x.to_s + ".txt", "w")
(x*10000000).upto(((x+1)*10000000) - 1) do |y|
h.puts "%08d" % y
end
h.close
end

This creates 10 text files with all the numbers in. Each file is 86M.

Can be done in a similar way in most other languages.

[cooper]

Why do you want to waste all that space on a trivially created stream of data? Notice the wording I used here. A stream of data.

In unix there's this awesome thing called a named pipe which basically means that you pipe the output from one process to another but that instead of forcing the other process to fetch the data via STDIN, of which there is only one and as such it might have been taken for something else already, you can provide the data to the other process in a file-like manner. The stream opens like a file, you read it like a file (UNIX mantra: everything is a file. Applies magnificantly here) and so long as you don't seek through it you can do anything you want.

So, please, save on that 800+MB of wasted diskspace and instead...

mkfifo numbers.pipe
generate_numbers.sh > numbers.pipe &
echo "Gogogo!" | numbers_using_process -infile numbers.pipe

And example of generate_numbers.sh using just the shell:

#!/bin/bash

# Simple script to generate a zero-filled number sequence.
#
# 1 required parameters and 2 optional:
# First parameter is the amount of digits in a sequence
# Second parameter is the number to start from, default is 0.
# Third parameter is the last number to produce, defaults to the maximum number that can be represented with the specified amount of digits.
#
# Example:
# ./generate_numbers.sh 4 1 6
# 0001
# 0002
# 0003
# 0004
# 0005
# 0006

DIGITS=$1
CURRENT_NR=$2

if [ 'x'${3} == 'x' ]
then
    # Default to the highest number that can be represented
    # with the set amount of digits, plus one.
    END_NR="1`printf "%0${DIGITS}lu" 0`"
else
    END_NR=$(( ${3} + 1 ))
fi

while :
do
    printf "%0${DIGITS}lu\\n" ${CURRENT_NR}
    CURRENT_NR=$(($CURRENT_NR + 1))
    if (( ${END_NR} == ${CURRENT_NR} ))
    then
        break
    fi
done

Edited April 27, 2014 by Cooper

[Swamppifi]

Thanks for both replies...guys

I should be able to work out a solution.

I know I can pipe the std output from crunch orJohn the ripper directly into aircrack, but at the moment i am experimenting with Fern wifi cracker in Kali, and I am not sure if this is possible, as it requires password list for a dictionary attack.

I have already cracked two of my routers using it, and I want to see how long it takes on routers with pre compiled phase keys, as I have three in my router farm ( total of 15 )

[cooper]

I have three in my router farm ( total of 15 )

I think we'll get along swimmingly.

[Mr-Protocol]

crunch 8 8 0123456789 -o thelist.lst

[cooper]

Inspired by this thread and the subsequent reading of this Mubix blog post I figured that there might be an actual need for generating sequences of not just digits, but any character.

So, I expanded the script a bit and now it will generate any sequence you want it to, beit alphabetically, alphanumerical, upper-case, lower-case, you name it. I even put some validations in... What the hell is the world coming to?

#!/bin/bash

# Simple script to generate an incrementing sequence.
#
# 3 required parameters and 2 optional:
# First parameter is the amount of characters in a sequence.
# Second parameter is the character to start with at a given position.
# Third parameter is the character to end with at a given position.
# Fourth parameter is the initial sequence to start with, defaults to a repetition of the start character.
# Fifth parameter is the final sequence to produce, defaults to a repetition of the end character.
#
# Examples:
# ./seqgen.sh 1 0 2
# 0
# 1
# 2
# 
# ./seqgen.sh 4 0 9 9998
# 9998
# 9999
# 
# ./seqgen.sh 4 0 9 0006 0008
# 0006
# 0007
# 0008
#
# Note that in ASCII, capitals come before lower-case characters.
# ./seqgen.sh 1 X b
# X
# Y
# Z
# a
# b



if [ ${#2} -ne 1 ]
then
    echo "The starting character must be a single character." >&2
    exit
elif [ ${#3} -ne 1 ]
then
    echo "The ending character must be a single character." >&2
    exit
elif [ $2 \> $3 ]
then
    echo "The starting character must come alphabetically before the ending character" >&2
    exit
fi

ITEM_POS=0
if [ "x$4" = "x" ]
then
    while [ $ITEM_POS -lt $1 ]
    do
        ITEMS[$ITEM_POS]="$2"
        (( ITEM_POS++ ))
    done
else
    if [ ${#4} -ne $1 ]
    then
        echo "Initial sequence is of incorrect length" >&2
        exit
    fi
    while [ $ITEM_POS -lt $1 ]
    do
        ITEMS[$ITEM_POS]="${4:$ITEM_POS:1}"
        if [ "${ITEMS[$ITEM_POS]}" \< $2 -o "${ITEMS[$ITEM_POS]}" \> $3 ]
        then
            echo "Initial sequence contains out-of-sequence characters" >&2
            exit
        fi
        (( ITEM_POS++ ))
    done
fi

END_SEQUENCE=""
if [ "x$5" = "x" ]
then
    # Default to the 'highest' sequence that can be represented
    # with the set amount of digits.
    ITEM_POS=0
    while [ $ITEM_POS -lt $1 ]
    do
        END_SEQUENCE="$END_SEQUENCE$3"
        (( ITEM_POS++ ))
    done
else
    if [ ${#5} -ne $1 ]
    then
        echo "Ending sequence is of incorrect length" >&2
        exit
    fi
    ITEM_POS=0
    while [ $ITEM_POS -lt $1 ]
    do
        END_SEQ_CHAR="${5:$ITEM_POS:1}"
        if [ "$END_SEQ_CHAR" \< $2 -o "$END_SEQ_CHAR" \> $3 ]
        then
            echo "Ending sequence contains out-of-sequence characters" >&2
            exit
        fi
    done
    END_SEQUENCE="$5"
fi

CURRENT=""
ITEM_POS=0
while [ $ITEM_POS -lt $1 ]
do
    CURRENT="$CURRENT${ITEMS[$ITEM_POS]}"
    (( ITEM_POS++ ))
done

echo "$CURRENT"
while [ "$CURRENT" != "$END_SEQUENCE" ]
do
    INCREMENTING_POS=$(($1 - 1))
    ITEMS[$INCREMENTING_POS]=$(echo "${ITEMS[$INCREMENTING_POS]}" | tr "0-9A-Za-z" "1-9A-Za-z_")
    while [ "${ITEMS[$INCREMENTING_POS]}" \> "$3" ]
    do
        ITEMS[$INCREMENTING_POS]="$2"
        INCREMENTING_POS=$(($INCREMENTING_POS - 1))
        if [ $INCREMENTING_POS -lt 0 ]
        then
            exit
        fi
        ITEMS[$INCREMENTING_POS]=$(echo "${ITEMS[$INCREMENTING_POS]}" | tr "0-9A-Za-z" "1-9A-Za-z_")
    done
    CURRENT=""
    ITEM_POS=0
    while [ $ITEM_POS -lt $1 ]
    do
        CURRENT="$CURRENT${ITEMS[$ITEM_POS]}"
        (( ITEM_POS++ ))
    done
    echo "$CURRENT"
done

It's quite probable that you can reduce the length of the script by making some functions that would iterate over the array and do something sensible, but this works and I'm not particularly bothered by the length.

Output goes to STDOUT, errors to STDERR (so as not to confuse the receiver of the data).

[Swamppifi]

good work cooper

I will play with it over the weekend, and I really do appreciate your input.

I been playing with fern, as it automates a lot of the work that is done in a terminal session as a quick on target platform, it does all the de auth, capture the handshake, and starts brute forcing, at which point you can move off with a few clicks.

still experimenting with the best option.