1

I'm trying to use crunch to generate a password list. However, if I add all necessary characters into one character set, as in:

file: charset_huge.lst

complex = [abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ1234567890!@#$%^&*()]

... then I cannot create multiple repetition rules, such as:

  • no more than 2 repeating UPPERCASE characters in a row
  • no more than 2 repeating special characters in a row
  • no more than 2 repeating numeric characters in a row

My (current) character set file looks like this:

file: charset.lst

lower = [abcdefghijklmnopqrstuvwxyz]

upper = [ABCDEFGHIJKLMNOPQRSTUVWXYZ]

numeric = [1234567890]

special = [!@#$%^&*()]

In doing some research it looked to me that you could specify multiple sets within the same character set file by using the + sign, ie:

crunch 5 5 -f charset.lst lower + upper -o passwordlist.lst

The above command does in fact work but it doesn't register the second set (upper). It only produces a list based on the first set (lower).

My hope is that I'm doing something wrong and that multiple character sets (from the same character set file) IS possible and that I can use -t to specify multiple patterns.

Does any one know if this is possible? Thanks very much for guidance / examples!

Edit 1: to answer Conner's question, my intentions are to generate a very large listing of password combinations with which to feed to hashcat to perform a brute-force attack on an md5 hash. This is an ethical attack. Thanks for pointing that out Conner!

Improve this question
3
  • I'm not 100% on what you're trying to do here (generate a password list to use to make passwords, or a password list to use to crack passwords). But assuming the former it is worth mentioning that your proposed password repetition rules actually make your passwords less secure. Let the thing repeat characters if that's what the dice happen to roll.
    – Conor Mancone
    CommentedSep 11, 2018 at 3:21
  • Wow, I did not catch the fact that I didn't state my intentions. I am generating a (likely) massive list of passwords with which to feed into hashcat in order to bruteforce an md5 hash. For what it's worth, this is an ethical attack however I have no means to back that statement up. If I put all my characters into a single character set (lower, upper, #'s, and 6 special chars) my password list would be on the order of 1PT... which is far too large. I'm hoping that, if the above is possible, I can whittle that size down considerably.
    – JohnyD
    CommentedSep 11, 2018 at 18:33
  • AFAIK you can't give rules to crunch (like the repetition rules) nor select more than 1 charset (from all the examples I've read), but I may be wrong. You may want to check -p or -q.
    – Azteca
    CommentedSep 13, 2018 at 0:36

0

Reset to default

You must log in to answer this question.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.