You have a number of errors including a spelling error (rank). charAt() can only work with string values, not numbers.
var rand = Math.floor(Math.random()*110000)+100000;
rand = rand.toString();
var len = rand.length;
var strings = ;
But the whole thing is pointless and futile. Password scripts produced by client-side coding (Javscript) are usually hopelessly insecure.
There are far better approaches to this.
“There are two kinds of failures: those who thought and never did, and those who did and never thought.” - Dr. Laurence J. Peter quotes (American "hierarchiologist", Educator and Writer, 1919-1990)