
NCL Password Cracking

You will use the RockYou dictionary file (rockyou.txt) to run a dictionary attack against passwords. Make sure that the list is available and extracted.

    ls /usr/share/wordlists

And you should see a console output that looks similar to this:

  • amass
  • dirbuster
  • fasttrack.txt
  • john.lst
  • metasploit
  • rockyou.txt.gz
  • wfuzz
  • dirb
  • dnsmap.txt
  • fern-wifi
  • legion
  • nmap.lst
  • sqlmap.txt
  • wifite.txt

Look for the rockyou.txt file. If it has the .gz extension, i.e. rockyou.txt.gz, the text file has not been extracted yet. To unzip it, run the following command (if it reports a permission error, run it again with sudo):

    gunzip /usr/share/wordlists/rockyou.txt.gz

Now confirm that it was extracted by running the ls command again:

    ls /usr/share/wordlists

And you should see a console output that looks similar to this:

  • amass
  • dirbuster
  • fasttrack.txt
  • john.lst
  • metasploit
  • rockyou.txt
  • wfuzz
  • dirb
  • dnsmap.txt
  • fern-wifi
  • legion
  • nmap.lst
  • sqlmap.txt
  • wifite.txt

To begin, extract the password hash from the encrypted PDF into a new file.

    pdf2john encrypted.pdf > [filename].txt

This writes the filename to the new file and then the data on the next line. Remove the first line, as it will break your decryption later, e.g.:

encrypted.pdf:
Essasefwfet4gsdfvfneesvedcesve55334dsfsavRSfvaeeSWjhydfneii4r3242EResd

You can then use your preferred method of password cracking; this example shows how to use john.

    john --wordlist=/usr/share/wordlists/rockyou.txt [filename].txt

When john finishes, use this command to view the cracked password for the file:

    john --show [filename].txt

You can then open the PDF and enter the password recovered for [filename].txt to access the information it contains. For NCL, the flag will be contained there.
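
The two preparation steps above (making sure the wordlist is extracted, and removing the filename line from the pdf2john output) as a small script. This is an added example, not part of the original page: `ensure_wordlist` and `clean_hash_file` are hypothetical helper names. It goes slightly beyond the text by also handling output where the filename and hash share one line, on the assumption that the hash then begins with `$pdf$`.

```shell
#!/usr/bin/env bash
# Added example: helper names are hypothetical, not from john or the page.

# Print the path of an extracted wordlist in directory $1, extracting
# NAME.gz first if only the compressed copy exists.
ensure_wordlist() {
    local dir="$1" name="${2:-rockyou.txt}"
    if [ -f "$dir/$name" ]; then
        printf '%s\n' "$dir/$name"
    elif [ -f "$dir/$name.gz" ]; then
        # -c keeps the .gz in place (plain gunzip replaces it).
        # Writing into /usr/share/wordlists may require root.
        gunzip -c "$dir/$name.gz" > "$dir/$name" && printf '%s\n' "$dir/$name"
    else
        echo "no $name or $name.gz in $dir" >&2
        return 1
    fi
}

# Reduce pdf2john output ($1) to the bare hash data ($2):
#   - a line that is only "name:" is deleted (the case shown on the page)
#   - a "name:" prefix directly in front of "$pdf$" is stripped
#     (assumption: the hash starts with "$pdf$")
clean_hash_file() {
    local src="$1" dst="$2"
    sed -E -e '/^[^:]*:[[:space:]]*$/d' \
           -e 's/^[^:$]*:(\$pdf\$)/\1/' "$src" > "$dst"
    # Fail if nothing is left, so an empty file is never passed to john.
    [ -s "$dst" ]
}

# Usage with the paths from the page:
#   wl=$(ensure_wordlist /usr/share/wordlists)
#   pdf2john encrypted.pdf > raw.txt && clean_hash_file raw.txt hash.txt
#   john --wordlist="$wl" hash.txt
```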