In penetration testing the worst part is authentication failure. Cracking a hash or a dictionary attack to an authentication form is time consuming. It depends on the strength of the password. An eight character password can have the possible combination of 6,634,204,312,890,625 including special char . Bruteforcing all the possible combination may take hours or days or even several years. seems ridiculous right? lets imagine a scenario, you know the half of the password or you are sure that the password has a specific name or word in it. you just have to find the rest of the characters which seems to be more practical

crunch is the best tool to create your own custom passwords. Crunch is a wordlist generator where you can specify a standard character set or a character set you specify. crunch can generate all possible combinations and permutations.


Install crunch if you dont have it
# apt-get install crunch

Basic Usage

# crunch  <min> <max> <character set> -o <outfile>
# crunch 4 4 abcdefghijklmnopqrstuvwxyz -o /root/Desktop/wordlist.txtoutput:

This command will generate a wordlist of  4 character with all possible combinations made my lower case alphabets. you can include alphanumeric and special chars and increase the max length for a gigantic wordlist. This gonna consume lot of disk space, better create small ones and rar it.

while using special char use ” because special characters need escaping
# crunch 4 4 abcdefg@!%$ -o /root/Desktop/wordlist.txt


Advanced usage

As said before if you know a part of the password or if its a combination some words you can have a look at this.

We can generate wordlist with both prefix and suffix words

Eg: if the word admin is the prefix and u need to crack the rest like :-
# crunch 8 8 -t admin%%% -o /root/Desktop/wordlist.txt


This will create wordlist with admin as prefix and all possible numerical value as suffix
here “% ” represent  numbers
@    – lowercase alpha
‘       – uppercase alpha
^      – special char
more examples
# crunch 8 8 -t %%%admin -o /root/Desktop/wordlist.txt
# crunch 8 8 -t @@admin% -o /root/Desktop/wordlist.txt
# crunch 10 10 -t @@@admin%^^ -o /root/Desktop/wordlist.txt

Permutation of words instead of chars

root@khromozome:~# crunch 1 1 -p one two three
Crunch will now generate approximately the following amount of data: 72 bytes
0 MB
0 GB
0 TB
0 PB
Crunch will now generate the following number of lines: 6


Splitting wordlist

while creating a file you can split into several files of same size this command will split the file after each 10 Mega Bytes


# crunch 8 8 1234567890abcdef -b 10mb -o START
You can customize your wordlist according to your need. crunch is flexible and has many options. Hope this helps in hash cracking and online login forum penetration testing.

Susmith Krishnan

I’m a computer enthusiast basically and i love to write blogs on tech issues and cyber security. I started penetration testing at the age of 16 and i would like to explore security vulnerabilities and latest tech news and wanna share with you

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.