Wednesday, August 29, 2012

Wordlists manipulation and generation with Backtrack 5R2 Crunch application



Tutorial provided by



Brief Introduction:

Ok. This tutorial is going to introduce you to a Backtrack application called Crunch.
Put plainly, Crunch is a tool for generating wordlists. In this tutorial I'm going to explain some of its main options (not all), how to use it, charsets, pros and cons and of course how it might come in handy.


I. How to install

First you'll need Backtrack, of course. You can run it in a virtual machine such as VMware or VirtualBox. I will not cover how to boot Backtrack; there are already lots of tutorials on that.

Now I assume most of the people around here know how to run applications in Ubuntu, but nevertheless I've added an installation section for those who aren't familiar with Unix-based operating systems and live CD distributions.

Open up a terminal and type:

Code:
wget http://sourceforge.net/projects/crunch-wordlist/files/crunch-wordlist/crunch-3.2.tgz



Once downloaded, extract it:



Code:
tar xvf crunch-3.2.tgz

Enter the extracted directory:

Code:
cd crunch3.2/

Compiling and installing:

Code:
make
make install





II. How to use


Once installed we can start generating our wordlists.

Basic usage:


Code:
./crunch [minimum length] [maximum length] [charset / options]

For example:

Code:
./crunch 1 5 abc123 -o wordlist.txt

This will generate all possible combinations of the characters "a, b, c, 1, 2, 3" with a minimum length of 1 and a maximum of 5. The -o [file] option saves all generated combinations to a file instead of printing them to the terminal.

As well as that, when writing the charset on the command line, symbols that the shell would otherwise interpret (such as !, * or parentheses) must be escaped with a backslash "\".

For example:

Code:
./crunch 1 5 abc\!\*\( -o wordlist.txt
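To make the numbers behind these commands visible, here is an added Python example (not crunch's own code, and not from the tutorial's author) that generates the same words crunch would write for `crunch [min] [max] [charset] -o [file]`, in the same order (shortest first, charset order), and estimates the size of the resulting list before anything is written. The function and file names are my own; the byte estimate assumes one trailing newline per word.

```python
import itertools
import os
import tempfile


def keyspace_size(charset, min_len, max_len):
    """Number of words for `crunch min max charset`: sum of |charset|^L
    over every length L in [min_len, max_len]."""
    n = len(charset)
    return sum(n ** length for length in range(min_len, max_len + 1))


def wordlist_bytes(charset, min_len, max_len):
    """Output size in bytes, assuming each word is followed by a newline,
    so a word of length L costs L + 1 bytes on disk."""
    n = len(charset)
    return sum((length + 1) * n ** length for length in range(min_len, max_len + 1))


def seconds_to_exhaust(charset, min_len, max_len, guesses_per_second):
    """How long a defender should expect the whole list to take to test at
    a given guess rate; useful for judging how much a password policy buys."""
    return keyspace_size(charset, min_len, max_len) / guesses_per_second


def generate(charset, min_len, max_len):
    """Yield every word over `charset` of length min_len..max_len, shortest
    length first and in charset order (the order crunch emits them).
    Special characters such as ! or * need no escaping here; the backslashes
    in the shell example only protect them from the shell."""
    for length in range(min_len, max_len + 1):
        for combo in itertools.product(charset, repeat=length):
            yield "".join(combo)


def write_wordlist_tmp(charset, min_len, max_len):
    """Equivalent of `crunch min max charset -o FILE` written to a temporary
    file. Returns (path, word_count, bytes_on_disk) so the estimates above
    can be checked against what was actually written."""
    fd, path = tempfile.mkstemp(prefix="wordlist-", suffix=".txt")
    count = 0
    with os.fdopen(fd, "w") as fh:
        for word in generate(charset, min_len, max_len):
            fh.write(word + "\n")
            count += 1
    return path, count, os.path.getsize(path)


if __name__ == "__main__":
    # The tutorial's example: crunch 1 5 abc123 -o wordlist.txt
    charset = "abc123"
    print(keyspace_size(charset, 1, 5), "words,",
          wordlist_bytes(charset, 1, 5), "bytes estimated")
    path, count, size = write_wordlist_tmp(charset, 1, 5)
    print(f"wrote {count} words ({size} bytes) to {path}")
    os.remove(path)
```

Running the estimate before generating is the habit worth copying: adding one character to the charset or one position to the maximum length multiplies the list, and the byte figure tells you whether the output will fit on the disk at all.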


Permutations:

Permutations can be created by using the -p switch, followed by the words, letters, numbers or symbols to permute.

For example:

Code:
./crunch 1 1 -p example of permutation


One thing you might've noticed is that we set the min/max length again. Even though we are generating a permutation, crunch still requires those two numbers on the command line and will not run without them.

In that example we used 3 words, so the result is a permutation of three. In other words P3 = 3*2*1 = 6 possible combinations (no word is repeated within a line).

Splitting generated combinations into separate lists with predefined size:

For this purpose we'll have to use the -b switch, which sets the maximum size of each output file. So whenever the combinations crunch has generated exceed, let's say, 10mb, it starts writing the following combinations into a new file.

For example:

Code:
./crunch 1 8 abcdABCD -b 30mb -o START


This will split all generated combinations of "a, b, c, d, A, B, C, D" into separate files, none exceeding the size of 30mb.
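The -p and -b modes above are easy to reason about once you see them as plain loops. The following is an added Python example (again not crunch's own code and not from the tutorial's author): `permute_words` reproduces what `crunch 1 1 -p example of permutation` prints, and `split_by_size` streams any word generator into files that never exceed a byte limit, the way `-b 30mb -o START` does. Assumptions, all mine: output files are named `first-last.txt` after the first and last word they contain (a simplification of crunch's naming); `parse_size` accepts the unit suffixes kb/mb/gb (powers of 1000) and kib/mib/gib (powers of 1024); the demo charset "abcdABCD" and the 50-byte limit are constructed for illustration.

```python
import itertools
import os
import tempfile

# Unit suffixes accepted by parse_size (kb/mb/gb decimal, kib/mib/gib binary).
_UNITS = {"kb": 1000, "mb": 1000 ** 2, "gb": 1000 ** 3,
          "kib": 1024, "mib": 1024 ** 2, "gib": 1024 ** 3}


def permute_words(words):
    """Every ordering of `words`, joined with no separator, which is what
    `crunch 1 1 -p w1 w2 ...` prints. The min/max lengths are ignored in
    -p mode, so they are not parameters here. n words give n! lines."""
    return ["".join(p) for p in itertools.permutations(words)]


def parse_size(text):
    """Turn a size such as '30mb' or '1kib' into a byte count."""
    text = text.strip().lower()
    for unit, factor in sorted(_UNITS.items(), key=lambda u: -len(u[0])):
        if text.endswith(unit):
            return int(text[: -len(unit)]) * factor
    return int(text)  # bare number: already bytes


def _flush(out_dir, chunk):
    """Write one chunk of words to out_dir/first-last.txt and return its path."""
    path = os.path.join(out_dir, f"{chunk[0]}-{chunk[-1]}.txt")
    with open(path, "w") as fh:
        fh.write("\n".join(chunk) + "\n")
    return path


def split_by_size(words, out_dir, max_bytes):
    """Stream `words` into files of at most max_bytes each (word + newline
    counted per line), mimicking `-b SIZE -o START`. Returns the file paths."""
    written, chunk, chunk_bytes = [], [], 0
    for word in words:
        cost = len(word) + 1
        if cost > max_bytes:
            raise ValueError(f"{word!r} alone exceeds the {max_bytes}-byte limit")
        if chunk_bytes + cost > max_bytes:
            written.append(_flush(out_dir, chunk))
            chunk, chunk_bytes = [], 0
        chunk.append(word)
        chunk_bytes += cost
    if chunk:
        written.append(_flush(out_dir, chunk))
    return written


def demo_split(max_bytes):
    """Constructed demo: words of length 1..2 over 'abcdABCD' (72 words,
    208 bytes) split at max_bytes. Returns counts the caller can check."""
    charset = "abcdABCD"
    words = ("".join(c) for length in (1, 2)
             for c in itertools.product(charset, repeat=length))
    with tempfile.TemporaryDirectory() as out_dir:
        files = split_by_size(words, out_dir, max_bytes)
        sizes = [os.path.getsize(p) for p in files]
        total_words = sum(sum(1 for _ in open(p)) for p in files)
    return {"files": len(files), "max_file_bytes": max(sizes), "words": total_words}


if __name__ == "__main__":
    print(permute_words(["example", "of", "permutation"]))
    print(parse_size("30mb"), "bytes per file for -b 30mb")
    print(demo_split(50))
```

Note the check that a single word cannot exceed the limit: with a tiny -b value crunch would have nothing sensible to write, and a splitter that silently produced an oversized file would defeat the point of the option.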

For all options and the full usage of crunch, see its man page.

Hope this tutorial comes in handy for members!

-------------------------------

I decided this thread would be suitable for me to include a small project of mine written in PHP. It's again for wordlists generation, although not the best language for such.

PHP Code:
<?php

// Give the script enough time: the number of words grows fast with length.
ini_set('max_execution_time', '65');

// The character set to build words from.
$values = 'ABCDEF';

// Start the recursion at position 0 with an empty prefix.
container(strlen($values), 0);

// Recursively appends each character of $values to $out until $pos
// reaches $length, printing every prefix (and the full-length word) it visits.
function container($length, $pos, $out = '') {
    global $values;

    for ($i = 0; $i < $length; ++$i) {
        if ($pos < $length) {
            container($length, $pos + 1, $out . $values[$i]);
        }
    }

    if (strlen($out) <= 6) {
        echo $out . '<br />';
    }
}
?>

Anyone experiencing problems with the code or wants me to explain something may feel free to post a reply to the tutorial.


Thanks for reading!
