One of the most used methods by attackers is password attempt attacks, which we know as brute force (brute force) attacks. These attacks are carried out by creating possible passwords after obtaining a lot of information such as research about your private life, the topics or photos you share on your social media accounts, the name of your pet or spouse.
So how do attackers generate this password list? There are many tools and articles written and created on this topic. We will use the one named “crunch” among these tools. Crunch is a tool that comes preinstalled on Kali Linux.
After typing the “crunch” command, we first enter the minimum length, second the maximum length of the password, and third the characters that will be included in the passwords to be created (letters, numbers, special characters, etc.) finally, we enter the path and name of the file where the passwords created with the “-o” parameter will be exported.
As seen above, “crunch” gives us the size of the password list created with the parameters we gave and the information on how many lines this password list was created. The first ten and last ten lines of the generated list are as follows.
As can be seen above, by taking the combination of all the characters we gave while creating the password list, it has printed all possibilities with a minimum length of 8 and a maximum length of 8. If we want to create a password specifically to save time, you can use the “-t” parameter in the “crunch” tool to create a password by placing certain symbols before or after the words we give to the tool.
As an example, you can say that next to the word "Ahmet", you can put a random 3-digit numbers and a random symbol after the numbers. We create this password list using “crunch” and “-t” parameter. Here's what you need to know before creating this list:
⦁ @ : Used to print random lowercase letters.
⦁ , : Used to print random capital letters.
⦁ % : Used to generate random numbers.
⦁ ^ : Used to generate random special characters.
Continuing the example we gave above, we can write our code as follows:
>>> crunch 9 9 -t Ahmet%%%^ -o /root/Desktop/Ahmetsifre.txt
As seen in the sample output, your passwords can be easily cracked even with a ready-made "crunch" style tool.
Our recommendations for password security:
⦁ You should not attach your passwords to the corner of your monitor with a post.
⦁ You should use passwords that are hard to guess.
⦁ Passwords should not contain personal information such as your name, date of birth, spouse's name, and dog's name.
⦁ As long as possible, it should contain lowercase, uppercase, numbers and special characters.
⦁ There are software used to create and store secure passwords, you can renew your old passwords or use these tools while creating a new password.
⦁ You should enable Multi-Factor Authentication in every possible account with different methods such as SMS, Token, Fingerprint, Face Recognition, QR code, Mobile App.
⦁ You must use completely different passwords on all your accounts.
⦁ You should not write your passwords in a notebook or a file on the computer.
⦁ You should update your passwords periodically.
⦁ You should not share your passwords with anyone.
To request a quotation for the following: Cyber Security, Digital Transformation, MSSP, Penetration Testing, KVKK, GDPR, ISO 27001 and ISO 27701, please click here.