Difference between revisions of "Password Cracking: Membuat custom wordlist menggunakan Crunch"

From OnnoWiki
Jump to navigation Jump to search
 
Line 21: Line 21:
 
  crunch
 
  crunch
  
Akan tampak kata-kata,
+
==Step 2 Syntax Crunch==
  
Let's get started with crunch and generate some custom wordlists to crack passwords in our favorite password cracking tool.
+
Syntax dasar crunch sebagai berikut,
  
 +
crunch <min> max<max> <characterset> -t <pattern> -o <output filename>
  
 +
Dengan
  
 +
min = The minimum password length.
 +
max = The maximum password length.
 +
characterset = The character set to be used in generating the passwords.
 +
-t <pattern> = The specified pattern of the generated passwords. For instance, if you knew that the target's birthday was 0728 (July 28th) and you suspected they used their birthday in their password (people often do), you could generate a password list that ended with 0728 by giving crunch the pattern @@@@@@@0728. This word generate passwords up to 11 characters (7 variable and 4 fixed) long that all ended with 0728.
 +
-o <outputfile> = This is the file you want your wordlist written to.
  
 +
==Step 3 Crunch Manual==
  
Tidak banyak informasi yang diberikan
+
Manual crunch bisa di akses melalui perintah,
  
Unlike many other hacking applications, crunch doesn't provide us with much info in its opening screen. I believe that's because crunch, although relatively simple to work with initially, has so many sophisticated options that the developer has put much of the information in man pages.
+
man crunch
  
==Step 2The Crunch Syntax==
+
agak ke bawah kita akan melihat cukup banyak contoh yang diberikan di crunch manual ini. Agak ke bawah kita bisa melihat penggunakan switch chacactersset pada crunch, sebagai berikut
  
The basic syntax for crunch looks like this:
+
-f /path/to/charset.lst charset-name
 +
        Specifies a character set from the charset.lst
  
kali > crunch <min> max<max> <characterset> -t <pattern> -o <output filename>
+
Disini kita dapat memberitahukan crunch dimana letak (full path) charset.lst. Di Kali Linux, charset.lst ada di:
  
Now, let's go over what's included in the syntax above.
+
/usr/share/crunch/charset.lst
  
    min = The minimum password length.
+
==Step 4 Create Simple Wordlist==
    max = The maximum password length.
 
    characterset = The character set to be used in generating the passwords.
 
    -t <pattern> = The specified pattern of the generated passwords. For instance, if you knew that the target's birthday was 0728 (July 28th) and you suspected they used their birthday in their password (people often do), you could generate a password list that ended with 0728 by giving crunch the pattern @@@@@@@0728. This word generate passwords up to 11 characters (7 variable and 4 fixed) long that all ended with 0728.
 
    -o <outputfile> = This is the file you want your wordlist written to.
 
  
==Step 3The Crunch Manual==
+
Membuat simpel wordlist untuk password cracking. Kita mengasumsikan password yang digunakan hanya menggunakan 4 sampai 8 character. Kita dapat membuat semua kemungkinan password-nya menggunakan crunch dengan nulis,
  
Let's go to the man pages for crunch by typing:
+
crunch 4 8
  
kali > man crunch
+
Saat di jalankan, crunch akan mengestimasi besar file sebelum mulai membuat list-nya, besar file tersebut adalah,
  
This should open the manual pages for crunch like that below. The developers of crunch have packed these pages with a lot of info on how to get the most out of crunch.
+
Crunch will now generate the following amount of data: 1945934046160 bytes
 +
1855787 MB
 +
1812 GB
 +
1 TB
 +
0 PB
 +
Crunch will now generate the following number of lines: 217180128880
  
If we page down a bit in these man pages, we will come to this page (notice at the bottom, it says we are at line 70).
+
Jika kita tahu bahwa target hanya menggunakan password ANGKA antara 6 dan 8 character. Maka kita dapat membuat list lengkap dari kemungkinan password yang memenuhi kriteria tersebut dan menyimpannya pada root user directory dengan nama numericwordlist.lst dengan mengetik
  
At the top we see the -f switch. This switch allows us to choose the character set we want to use to generate our wordlist. The syntax is:
+
crunch 6 8 1234567890 -o /root/numericwordlist.lst
 
 
-f /path/to/charset.lst <charactersetname>
 
 
 
Here we tell crunch where the charset.lst is with the full path and then select a particular character set from that list. In Kali, the charset.lst is at:
 
 
 
/usr/share/rainbowcrack/charset.lst
 
 
 
==Step 4Create Some Simple Wordlists==
 
 
 
Let's start by generating some simple wordlists for password cracking. Let's assume that we know the company has passwords between 4 and 8 characters. We can generate all the possibilities in crunch by typing:
 
 
 
kali > crunch 4 8
 
 
 
Where the first number (4) is the shortest word length and the second (8) is the longest word length.
 
 
 
When we execute this statement, crunch estimates how large the file will be (1812 GB) and then begins to generate the list.
 
 
 
What if we knew that the target always used number passwords between 6 and 8 characters? We could generate a complete list of password possibilities meeting this criteria and send them to a file in the root user's directory called numericwordlist.lst by typing:
 
 
 
kali > crunch 6 8 1234567890 -o /root/numericwordlist.lst
 
  
 
If we knew that the target's birthday was July 28 and they likely used that date (people often use their birthdates in their passwords to make it easier to remember) at the end of a ten character password? We could generate all the possibilities of ten-character passwords that end with 0728 and send the output to a file in the root user's directory named birthdaywordlist.lst, by typing:
 
If we knew that the target's birthday was July 28 and they likely used that date (people often use their birthdates in their passwords to make it easier to remember) at the end of a ten character password? We could generate all the possibilities of ten-character passwords that end with 0728 and send the output to a file in the root user's directory named birthdaywordlist.lst, by typing:
Line 84: Line 74:
  
 
The @ sign is use to represent a wildcard of all possibilities, while the literals "0728" represent the fixed values.
 
The @ sign is use to represent a wildcard of all possibilities, while the literals "0728" represent the fixed values.
Step 5Complex Wordlists with Crunch
+
 
 +
Step 5 Complex Wordlists with Crunch
  
 
One of the beauties of crunch is the ability to select a specific character set or create your own character set for generating your password list. If we know the likely character set the target is using for their password, we can select the character set to generate our password list. We can find the choice of character sets at:
 
One of the beauties of crunch is the ability to select a specific character set or create your own character set for generating your password list. If we know the likely character set the target is using for their password, we can select the character set to generate our password list. We can find the choice of character sets at:

Latest revision as of 11:49, 27 April 2020

Sumber: https://null-byte.wonderhowto.com/how-to/hack-like-pro-crack-passwords-part-4-creating-custom-wordlist-with-crunch-0156817/ .

Dalam banyak disiplin pemecahan password, kita sering perlu menggunakan wordlist yang pada dasarnya akan mencoba ribuan kata sandi potensial per detik. Ini sering disebut sebagai dictionary attack, meskipun kita tidak perlu hanya mengandalkan kata-kata di kamus. Wordlist dapat memiliki kombinasi karakter dan kata dalam upaya memecahkan password yang rumit secara offline.

Terkadang kita mungkin memiliki indikasi password pilihan target atau komponen password yang mungkin berasal sari pengetahuan kita tentang target, mis. pacar, tetangga, teman, dll. Bisa nama mereka, nama anak-anak, nama hewan peliharaan, ulang tahun, atau pekerjaan. Kita juga dapat mengetahui kebijakan password organisasi (mis. Minimum 8 karakter, huruf besar dan kecil, dll.).

Dalam kasus ini, kita mungkin dapat membuat wordlist yang disesuaikan yang mencerminkan pengetahuan kita tentang target atau kebijakan password organisasi.

Kali Linux telah memasukan di dalamnya sebuah tool yang disebut "crunch" yang memungkinkan kita untuk membuat custom password-cracking wordlist yang dapat kita gunakan dengan tool seperti Hashcat, Cain and Abel, John the Ripper, Aircrack-ng, dan lainnya. Custom wordlist ini mungkin dapat menyelamatkan kita berjam-jam atau berhari-hari dalam pemecahan password jika kita dapat membuatnya dengan benar.


Step 1 Jalankan Kali kemudian Crunch

Jalankan Kali linux, kemudian jalankan crunch melalui menu 

Applications -> Password Attacks -> crunch

atau melalui CLI, ketik 

crunch

Step 2 Syntax Crunch

Syntax dasar crunch sebagai berikut, 

crunch <min> max<max> <characterset> -t <pattern> -o <output filename>

Dengan 

min = The minimum password length.
max = The maximum password length.
characterset = The character set to be used in generating the passwords.
-t <pattern> = The specified pattern of the generated passwords. For instance, if you knew that the target's birthday was 0728 (July 28th) and you suspected they used their birthday in their password (people often do), you could generate a password list that ended with 0728 by giving crunch the pattern @@@@@@@0728. This word generate passwords up to 11 characters (7 variable and 4 fixed) long that all ended with 0728.
-o <outputfile> = This is the file you want your wordlist written to.

Step 3 Crunch Manual

Manual crunch bisa di akses melalui perintah, 

man crunch

agak ke bawah kita akan melihat cukup banyak contoh yang diberikan di crunch manual ini. Agak ke bawah kita bisa melihat penggunakan switch chacactersset pada crunch, sebagai berikut 

-f /path/to/charset.lst charset-name
       Specifies a character set from the charset.lst

Disini kita dapat memberitahukan crunch dimana letak (full path) charset.lst. Di Kali Linux, charset.lst ada di: 

/usr/share/crunch/charset.lst

Step 4 Create Simple Wordlist

Membuat simpel wordlist untuk password cracking. Kita mengasumsikan password yang digunakan hanya menggunakan 4 sampai 8 character. Kita dapat membuat semua kemungkinan password-nya menggunakan crunch dengan nulis, 

crunch 4 8

Saat di jalankan, crunch akan mengestimasi besar file sebelum mulai membuat list-nya, besar file tersebut adalah, 

Crunch will now generate the following amount of data: 1945934046160 bytes
1855787 MB
1812 GB
1 TB
0 PB
Crunch will now generate the following number of lines: 217180128880

Jika kita tahu bahwa target hanya menggunakan password ANGKA antara 6 dan 8 character. Maka kita dapat membuat list lengkap dari kemungkinan password yang memenuhi kriteria tersebut dan menyimpannya pada root user directory dengan nama numericwordlist.lst dengan mengetik 

crunch 6 8 1234567890 -o /root/numericwordlist.lst

If we knew that the target's birthday was July 28 and they likely used that date (people often use their birthdates in their passwords to make it easier to remember) at the end of a ten character password? We could generate all the possibilities of ten-character passwords that end with 0728 and send the output to a file in the root user's directory named birthdaywordlist.lst, by typing:

kali > crunch 10 10 -t @@@@@@0728 -o /root/birthdaywordlist.lst

The @ sign is use to represent a wildcard of all possibilities, while the literals "0728" represent the fixed values.

Step 5 Complex Wordlists with Crunch

One of the beauties of crunch is the ability to select a specific character set or create your own character set for generating your password list. If we know the likely character set the target is using for their password, we can select the character set to generate our password list. We can find the choice of character sets at:

/usr/share/rainbowcrack/charset.txt

Now, if we know that our target is using an eight character password with only alphabetic characters, we can generate a list of all the possibilities in crunch with the command:

kali > crunch 8 8 -f /usr/share/rainbowcrack/charset.txt mixalpha -o /root/alphawordlist.lst

This will generate all the 8-character passwords using only the alphabetic characters (no numbers or special characters) and storing them in a file called alphawordlist.lst in the root user's directory.

When cracking passwords, there are multiple methods of cracking unknown passwords. These include dictionary, rainbow table, brute force and others. If we know that parameters of the password or know something about the target and their possible passwords (birthday, pet names, spouse, etc.), crunch can be a very useful tool for generating specific wordlists to be used in a dictionary-like attack.

That's it for this lesson; stay tuned to this series on password cracking for more guides in the near future.



Referensi

Pranala Menarik

Retrieved from "https://onnocenter.or.id/wiki/index.php?title=Password_Cracking:_Membuat_custom_wordlist_menggunakan_Crunch&oldid=61390"