Generate 10 Digit Phone Numbers using Crunch in Backtrack


Phone numbers are some of the most commonly used passwords for WEP/WPA encrypted wireless networks. Several ISP’s use them as default passwords for their routers for easy to remember access.  By creating a list of every possible phone number combination with a specific area code, generally your own area code, it will give you quick access to most wireless networks using a dictionary attack. Using crunch built into Backtrack 5R2, you can quickly generate every possible number combination beginning with a specified area code.

Applications > BackTrack > Privilege Escalation > Password Attacks > Offline Attacks > crunch

Use the following command

./crunch 10 10 -t 123%%%%%%% -o /root/123.txt

Explanation of command.  10 refers to the number of characters. The -t command allows you to specify a pattern where only the @’%^ characters will change, in this case the %. The 123 is where the area code will go followed by 7 % characters. The -o is for output and can be saved anywhere. Make sure to save it as a .txt file. This will only take a few seconds and will say 100% when finished. Now you can load these in Gerix and bruteforce WPA.

Note: Most cities have multiple area codes. To combine multiple files into one just do a ‘cat 123.txt 456.txt 789.txt >> all.txt’

Advertisements

3 thoughts on “Generate 10 Digit Phone Numbers using Crunch in Backtrack

  1. If you are pentesting in a smaller community you can speed this up dramatically by building a list that only includes the 3 digit prefixes used in that place. Searching wikipedia for the area code will get you the local prefixes, then it is just a matter of a simple bash script eg:

    #!/bin/bash

    #delete output file to start fresh each time
    rm ./smalltown.txt

    #set area code to one you are targeting
    areacode=444

    #iterate over all the prefixes and append to dictionary
    for prefix in 123 321 222 333 555 999
    do
    crunchstr=”${areacode}${prefix}%%%%”
    crunch 10 10 -t $crunchstr >> ./smalltown.txt
    done

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s