Jump to content
Hak5 Forums
undersc0re

Crunch password list

Recommended Posts

   I am attempting to make a password file in crunch in one command, I need it to be 12 characters long and always start with 0MGSM2 those first 6 characters always the same and the 7th character always being a random digit and then the last 5 characters are a mix of uppercase letters and or digits random placed. Is there one command to do this in crunch or would I have to make multiple lists and just join them together? I tried to do it from the man page and googling but can not seem to get this one. Thank-you.

  • Upvote 1

Share this post


Link to post
Share on other sites
11 hours ago, undersc0re said:

 Is there one command to do this in crunch

in crunch --help you should give you some options

Edited by Just_a_User

Share this post


Link to post
Share on other sites

Thanks, I could not find if there was a command for both random numerals and uppercase for last 5 characters so I just typed out characters for it to use (A-Z and 0-9, thought there was a shortcut....gave up lol.

Share this post


Link to post
Share on other sites

./crunch 12 12 -t 0MGSM2@@@@@@ -o (output destination).lst

I'm sure a line of code is missing from the command but gives you a general idea of what it'll look like when creating the worldlist.

Share this post


Link to post
Share on other sites

post a example short list of what you expect to see.

 

A-Z

0-9

total 36 characters correct?

5 places of each random character?

 

5 to the 36th power 

5**36=14551915228366851806640625

 

what's your performance of your gpu' s

 

 

if you had one 1080ti gpu and your cracking wpa with this word list. here is how many seconds it would take you to complete this task

 

((5**36)/580000)/(24*60)
=> 17423270148906671

 

if you had one hundred 1080ti's here is the amount of time you need to complete the is process. 

 ((5**36)/(580000*100))/(24*60)
=> 174232701489066

 

wait. i think that's how many days you need to process this list...

Edited by i8igmac

Share this post


Link to post
Share on other sites

Dont forget about the harddrive space needed.

Some listes generated could be over 10 T. 

  • Upvote 1

Share this post


Link to post
Share on other sites

Nvidia GTX 1080Ti == 576000 hash/s
24 hours / 1 day
60 minutes / 1 hour
60 seconds / 1 minute

5**36 hashs

(5**36 hashs)*(1second/576000 hashs)*(1 minute/60 seconds)*(1 hour/60 minutes)*(1 day/24 hours)
$ echo '(5^36)*(1/576000)*(1/60)*(1/60)*(1/24)' | bc -l
292404418008271 days

(5**36 hashs)*(1second/576000 hashs)*(1 minute/60 seconds)*(1 hour/60 minutes)*(1 day/24 hours)*(1year/365days)
$ echo '(5^36)*(1/576000)*(1/60)*(1/60)*(1/24)*(1/365)' | bc -l
801107994543 years

(5**36 hashs)*(1second/576000 hashs)*(1 minute/60 seconds)*(1 hour/60 minutes)*(1 day/24 hours)*(1year/365days)*(1age of the known universe/13.7 billion years)
echo '(5^36)*(1/576000)*(1/60)*(1/60)*(1/24)*(1/365)*(1/13700000000)' | bc -l
58.475 times the age of the known universe

  • Like 1

Share this post


Link to post
Share on other sites

if its 36 possibles over 5 places is it not 36^5 rather than 5^36? if so it would take the 1080ti you quote just under 105 seconds to try the lot.

Edited by aethernaut
  • Like 2

Share this post


Link to post
Share on other sites

Yeah, that is totally correct, i missed that, the passwordspace should be 36^5, not 5^36

  • Like 1

Share this post


Link to post
Share on other sites

("0".."9").to_a+("a".."z").to_a+("A".."Z").to_a.permutation(6).each{|x| puts("0MGSM2"+x.join) }

save this one liner as file.rb.

test Run it like the 2 commamds below.

Ruby file.rb 

or

ruby file.rb > OMGA.list

here is a modified version that for speed will save to a file.

 

 

g=File.new("OGSM.list", +a)

("0".."9").to_a+("a".."z").to_a+("A".."Z").to_a.permutation(6).each{|x| f.puts("0MGSM2"+x.join) }

f.close

 

The above should be quicker then the console method . But I haven't tested to confirm this...

there is no output for this method but you should expect to see something like this in your OSGM.list

Expected output 

0MGSM0ABHXIN
0MGSM9ABHXIO
0MGSM8ABHXIP
0MGSM7ABHXIQ
0MGSM6ABHXIR
0MGSM5ABHXIS
0MGSM4ABHXIT
0MGSM3ABHXIU
0MGSM2ABHXIV
0MGSM1ABHXIW

 

 

 

 

crunch 12 12 "0987654321abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUV" -t 0MGSM2%@@@@@

 

This should work for your crunch command. Its 79 gigs.

% = 0-9

@= a-z A-Z 0-9

 

And this one below is 4 gigs and maybe what your looking for.

crunch 12 12 "0987654321ABCDEFGHIJKLMNOPQRSTUV" -t 0MGSM2%@@@@@

Edited by i8igmac

Share this post


Link to post
Share on other sites
On 11/22/2018 at 11:53 AM, kdodge said:

Nvidia GTX 1080Ti == 576000 hash/s
24 hours / 1 day
60 minutes / 1 hour
60 seconds / 1 minute

5**36 hashs

(5**36 hashs)*(1second/576000 hashs)*(1 minute/60 seconds)*(1 hour/60 minutes)*(1 day/24 hours)
$ echo '(5^36)*(1/576000)*(1/60)*(1/60)*(1/24)' | bc -l
292404418008271 days

(5**36 hashs)*(1second/576000 hashs)*(1 minute/60 seconds)*(1 hour/60 minutes)*(1 day/24 hours)*(1year/365days)
$ echo '(5^36)*(1/576000)*(1/60)*(1/60)*(1/24)*(1/365)' | bc -l
801107994543 years

(5**36 hashs)*(1second/576000 hashs)*(1 minute/60 seconds)*(1 hour/60 minutes)*(1 day/24 hours)*(1year/365days)*(1age of the known universe/13.7 billion years)
echo '(5^36)*(1/576000)*(1/60)*(1/60)*(1/24)*(1/365)*(1/13700000000)' | bc -l
58.475 times the age of the known universe

Sounds about right

 

Share this post


Link to post
Share on other sites
5 hours ago, Bigbiz said:

Sounds about right

 

I miss lead these people to a improper math statement.

36**5 is doable as some one said above with a 1080ti would do this in 105 seconds.

 

Here is the answer to the original post.

 

asus@asus:~$ crunch 12 12 "0987654321ABCDEFGHIJKLMNOPQRSTUV" -t 0MGSM2%@@@@@
Crunch will now generate the following amount of data: 4362076160 bytes
4160 MB
4 GB
0 TB
0 PB
Crunch will now generate the following number of lines: 335544320

 

If you are only using Capital letters and 0-9 then only 4 gigs of data is generated.

 

how do you do the math when the 7th char is only 0-9 then 5 chars 0-9+A-Z.

 

36**5 = 60466176

60466176*10 ?

Educate me some one lol.

Share this post


Link to post
Share on other sites

@i8igmac

The way I have always understood it with permutations (where repetition is allowed) you just multiply by the numer of options you have each time. So for the example you mentioned it would be:

10*36*36*36*36*36

which, as it's all multiplication, is the same as 36^5*10 as you suggest

So say you were trying to crack a simple password hash and knew that:

  • every password issued was 5 characters long
  • for some reason had the specific pattern, 0-9, 0-9, a-z, A-Z, symbol - same as hashcat's ?s or <space>!"#$%&'()*+,-./:;<=>?@[\]^_`{|}~, and,
  • repetitions were allowed

the permutations would be 10*10*26*26*33

Share this post


Link to post
Share on other sites
12 minutes ago, aethernaut said:

@i8igmac

The way I have always understood it with permutations (where repetition is allowed) you just multiply by the numer of options you have each time. So for the example you mentioned it would be:

10*36*36*36*36*36

which, as it's all multiplication, is the same as 36^5*10 as you suggest

So say you were trying to crack a simple password hash and knew that:

  • every password issued was 5 characters long
  • for some reason had the specific pattern, 0-9, 0-9, a-z, A-Z, symbol - same as hashcat's ?s or <space>!"#$%&'()*+,-./:;<=>?@[\]^_`{|}~, and,
  • repetitions were allowed

the permutations would be 10*10*26*26*33

Crunch will now generate the following number of lines: 335544320

 

The reason I asked for help with this multiplication. Crunch reports 335544320 lines and mathematically I can't prove this is accurate

 

 

Share this post


Link to post
Share on other sites

crunch 12 12 "0987654321ABCDEFGHIJKLMNOPQRSTUV" -t 0MGSM2%@@@@@

I don't know crunch but what happened to W X Y and Z?

Share this post


Link to post
Share on other sites
2 hours ago, i8igmac said:

Lol ahh... I do everything from my android 🙂 ssome typos in my post...

And also when you actually typed it into crunch on your Asus machine? 😀

Quote

asus@asus:~$ crunch 12 12 "0987654321ABCDEFGHIJKLMNOPQRSTUV" -t 0MGSM2%@@@@@
Crunch will now generate the following amount of data: 4362076160 bytes
4160 MB
4 GB
0 TB
0 PB
Crunch will now generate the following number of lines: 335544320

TBH I have made very similar errors many many times.

One day I will remember that my computers have a nasty habit of doing exactly what I tell them to do, not what I meant them to do. Pity that's unlikely to be today, or tomorrow or ...

Share this post


Link to post
Share on other sites
27 minutes ago, aethernaut said:

And also when you actually typed it into crunch on your Asus machine? 😀

TBH I have made very similar errors many many times.

One day I will remember that my computers have a nasty habit of doing exactly what I tell them to do, not what I meant them to do. Pity that's unlikely to be today, or tomorrow or ...

I do everything from my android. 

A screen shot lol

Screenshot_20181204-161931.png

Edited by i8igmac

Share this post


Link to post
Share on other sites

OK. Good point, well made!

I hang my head in shame for ever doubting you and promise to short 240v across my RAM chips by way of punishment!!!

Share this post


Link to post
Share on other sites
5 minutes ago, aethernaut said:

OK. Good point, well made!

I hang my head in shame for ever doubting you and promise to short 240v across my RAM chips by way of punishment!!!

this android is the biggest frustration. I have been developing a few websites from this phone and I have given up until I get my chromebook.

Share this post


Link to post
Share on other sites
Quote

this android is the biggest frustration. I have been developing a few websites from this phone

I can honestly say I never expected to see the words "android", "phone" and "developing websites" used in the same sentence like this...

It's got the same feel as "blindfold", "boxing gloves" and "brain surgery".

Share this post


Link to post
Share on other sites
3 hours ago, aethernaut said:

I can honestly say I never expected to see the words "android", "phone" and "developing websites" used in the same sentence like this...

It's got the same feel as "blindfold", "boxing gloves" and "brain surgery".

 

Ill have to make a video of how I accomplish things. 

 

I have made it as far as I can with my web projects. Until I get a chromebook.

 

curlftp. Ssh ftp http. I use these to make modification to the remote web server running rails.

 

And omg my phone just displayed a news article.

https://www.kali.org/news/kali-linux-for-the-gemini-pda/

 

If this device could serve as a replacement cell phone.

Share this post


Link to post
Share on other sites

One thing I have done with crunch as an experiment to targeted wordlist generation is take a sample wordlist of a target.  From that get a list of all unique characters of list (to prevent repetition we do no need and will not make sense).  I then choose a minimum word size and max word size I think the word or phrase will be.  I be sure to include a space in the character list so phrases can be generated.  From that you can generate smaller wordlists only using characters from words you think make up their password using crunch.

 

Share this post


Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now

  • Recently Browsing   1 member

×