Crunch : Office365 Passwords

by Vince
in Blog
Hits: 683

The definition states:  "Crunch is a wordlist generator where you can specify a standard character set or a character set you specify.  Crunch can generate all possible combinations and permutations."

Crunch is useful for generating wordlists and it's especially useful when you want to generate wordlists with patterns.  For example, while setting up Office365 accounts, I let the web mechanism generate passwords.  The standard generated password sets the first character as uppercase alpha, followed by two lowercase alphas, ending with a five digit number. 

When we execute Crunch, we get min, max, and options:

If we dig into the man pages, when we scroll down, we find the -t option which gives us the ability to define a pattern such as the one describe above for Office365:

Min and max are eight characters and the -t ,@@%%%%% will generate the upper, lowers, and numbers:

In case you missed it, that's a 14GB password list.  If we output to screen, we see the following scroll by:

I don't think I'll be doing and brute force attacks with a 14GB file but if we managed to get a hash, we could build a list specifically for the pattern.