
I would like to generate a wordlist that contains words and 2 digit numbers. I want crunch to shuffle them like 15password15, password15, 15password...

Is there any way I can do that with crunch or do I need another script?

Anders
s3lcuk
  • This would be trivial to do with a script if you have the dictionary you want to use. – schroeder Nov 27 '16 at 22:00
  • I have words but none of them are the password. It must be some combination that contains those words. – s3lcuk Nov 27 '16 at 22:12
  • Yes, I understand that, but what you are asking to do is very simple with a script. I doubt crunch can do exactly what you are asking. – schroeder Nov 28 '16 at 07:30

1 Answer


Depending on your use case, there are a couple of options:

  • If you want a lot of control over the contents, but you also want many permutations, then scripting it yourself (as already suggested in the comments) may be the only way to do it.

  • Otherwise, tools from the hashcat family can be used to generate all possible permutations up to a given element count. Especially for the general use case from the title of your question "using words like chars", princeprocessor is an effective choice.

At a minimum, it sounds like you'll need to use a script to generate all possible two-digit numbers, and then combine that list with your other dictionary, and then feed them into a tool that will generate many different combinations for you. There are a couple of ways to do this.

Here are the files that I'll use in some examples.

$ cat - >words.list
password
qwerty
iloveyou

$ seq -w 1 99 >digits.list

$ head -1 digits.list
01

$ tail -1 digits.list
99

Combining a list of strings into all possible combinations is what password crackers usually call a combinator attack. Some variants of this attack only combine each element twice, or three times, but it sounds like you're looking for a range of element counts. Otherwise, combinator and combinator3 from hashcat-utils could generate the lists:

$ combinator words.list digits.list | head -5
password01
password02
password03
password04
password05

$ combinator3 digits.list words.list digits.list | head -5
01password01
01password02
01password03
01password04
01password05

If you only needed to iterate through all possible numbers in a specific position (at the end or at the beginning), a hybrid attack (wordlist + mask) would work, and you could use hashcat's --stdout option to generate the list:

$ hashcat --stdout -a 6 words.list '?d?d' | head -5
password12
password08
password20
password31
password98

$ hashcat --stdout -a 7 '?d?d' words.list | head -5
12password
08password
20password
31password
98password

But if you want more than 3 elements per result -- strings like '1515password15', 'passwordpassword1515', '15password15password' -- etc, then you'll run into the two- or three-element-per-string limits of these approaches.

If you are willing to be a little relaxed about composition (in other words, if it's OK if some of the strings are digits-only sequences like "013522" or words with no digits at all), you can escape those limitations with princeprocessor (pp64), like so:

$ cat words.list | pp64 | tail -5
iloveyouquerty
passwordpassword
iloveyoupassword
passwordiloveyou
iloveyouiloveyou

princeprocessor will generate all possible permutations, up to the element count that you specify.

One potential issue is that princeprocessor will try to order the output in favor of shorter strings first, so you'll get a lot of numbers before you start to hit the words:

$ cat digits.list words.list | pp64 | head -100000000 | tail -5
07743573
08743573
09743573
10743573
11743573

If you want more control over the contents - for example, all of the resulting strings must contain at least one set of non-digits, I'd simply filter the results with grep:

$ cat digits.list words.list | pp64 | egrep '[a-z]' | head
password
iloveyou
01qwerty
02qwerty
03qwerty
04qwerty
05qwerty
06qwerty
07qwerty
08qwerty
09qwerty
10qwerty


$ cat digits.list words.list | pp64 | egrep '[a-z]' | egrep '[0-9]' | head -5000 | tail
4145qwerty
4245qwerty
4345qwerty
4445qwerty
4545qwerty
4645qwerty
4745qwerty
4845qwerty
4945qwerty
5045qwerty

If you only want results that guarantee at least one element from both lists, but you also want a variable number of elements, filtering the output from princeprocessor is the best way that I know of.

Filtering the output from princeprocessor with grep is a bit of a workaround (for there being no tool that natively understands that you want at least one element from each list). As far as I know, if that's your use case, it would require new development (either writing your own script, or modifying the princeprocessor source).

Royce Williams
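An added example (not part of the original answer and not code from princeprocessor or hashcat-utils): a Python script for the case the answer says no tool handles natively, a variable number of elements with at least one taken from each list. The function names and the `max_elems` parameter are assumptions made for illustration; the two lists are constructed to mirror `words.list` and `digits.list` above.

```python
import sys
from itertools import product

# Constructed sample lists mirroring words.list and `seq -w 1 99` from the answer.
WORDS = ["password", "qwerty", "iloveyou"]
DIGITS = [f"{i:02d}" for i in range(1, 100)]


def mixed_candidates(words, digits, max_elems=3):
    """Yield every ordered concatenation of 2..max_elems list elements that
    uses at least one word and at least one digit pair (hypothetical helper)."""
    tagged = [(w, "word") for w in words] + [(d, "digit") for d in digits]
    for n in range(2, max_elems + 1):
        for combo in product(tagged, repeat=n):
            if len({kind for _, kind in combo}) == 2:  # both lists represented
                yield "".join(text for text, _ in combo)


def mixed_count(n_words, n_digits, max_elems=3):
    """Number of candidates mixed_candidates() yields, without enumerating:
    all n-element sequences minus the words-only and digits-only ones."""
    return sum(
        (n_words + n_digits) ** n - n_words ** n - n_digits ** n
        for n in range(2, max_elems + 1)
    )


if __name__ == "__main__":
    # Report the list size on stderr so stdout stays a clean wordlist.
    print(mixed_count(len(WORDS), len(DIGITS), 3), "candidates", file=sys.stderr)
    for candidate in mixed_candidates(WORDS, DIGITS, 3):
        print(candidate)
```

The count grows roughly as (words + digits) to the power of `max_elems`, so check `mixed_count()` before raising the limit.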