Download Wordlist for dictionary attack

Crackstation wordlist is one of the most (if not the most) comprehensive wordlist which can be used for the purpose of dictionary -attack on passwords.

The wordlist comes in two flavors:

  1. Full wordlist (GZIP-compressed (level 9). 4.2 GiB compressed. 15 GiB uncompressed)
  2. Human-password only wordlist (GZIP-compressed. 247 MiB compressed. 684 MiB uncompressed)

Personally, I’ve already downloaded the full wordlist via torrent, and tested it against few PDF files (using pdfcrack) and UNIX password cracking (using John), all my test cases were successful. In my opinion, the wordlist is comprehensive for my need.

Since it looked like it took a significant effort to compile this wordlist, I rather advocate those who are interested to donate/buy the wordlist from: https://crackstation.net/buy-crackstation-wordlist-password-cracking-dictionary.htm

Cracking PDF file with PDFCrack in Linux

I’ve come across an PDF which was sent to my email from an automated banking system. Unfortunately, the PDF file is encrypted and I’ve no way of knowing the password (or actually I’ve forgotten the password).

Fortunately, my Ubuntu box comes with application which allows me to crack the PDF file within a reasonable time.

Using ‘pdfcrack’ to crack PDF file

You need to install pdfcrack to crack pdf file. In Ubuntu/Debian system, you simply need to run

sudo apt-get -y install pdfcrack

Then for actual cracking, you can run

pdfcrack -n5 -m10 encrypted.pdf

Where -n [minimum length] to brute-force, and -m [maximum length] to brute-force.

pdfcrack can also accept a file input containing list of words (dictionary attack). For dictionary-attack just run

pdfcrack --wordlist=dictionary.txt encrypted.pdf

Iptables rule to safeguard SSH server from crackers

Secured Shell or SSH is a service to enable users to access remote system securely. However, SSH servers depending on password-based authentication might be vulnerable to dictionary-based (or brute-force) attacks by crackers.

Luckily iptables can be used with ‘–limit-burst‘ and ‘–limit’ option to reduce the number of attempts and connection that a cracking tool can make in a period of time.

For example, in order to limit an IP address to making only 5 connections per minute in burst of 2 connections, you can use this iptables rules:

iptables -A INPUT -p tcp --dport ssh -m limit --limit 5/minute --limit-burst 2 -j ACCEPT

This will result in the iptables will only allow up to 5 connections per minute with 2 maximum initial number of connections, which will make any brute-force or dictionary-based attack uneconomical/unfeasible for the server.

Read more about iptables –limit and –limit-burst in Linux Iptables Limit the number of incoming tcp connection / syn-flood attacks