Differences

This shows you the differences between two versions of the page.

sw:password_cracking [2026/05/14 08:49] niziaksw:password_cracking [2026/05/24 09:55] (current) niziak
Line 1: Line 1:
 ====== password cracking ====== ====== password cracking ======
 +
 +===== hashcat =====
 +
 +Benchmarks:
 +<code bash>
 +hashcat -b -m 10500 -D 1
 +* Device #2: cpu-haswell-AMD Ryzen 5 5500, 14928/29921 MB (4096 MB allocatable), 12MCU
 +Speed.#2.........:   573.9 kH/s (19.71ms) @ Accel:1024 Loops:70 Thr:1 Vec:8
 +</code>
 +
 +<code bash>
 +* Device #1: cpu-skylake-avx512-AMD Ryzen 9 9950X 16-Core Processor, 29888/59841 MB (8192 MB allocatable), 32MCU
 +Speed.#1.........:  2643.5 kH/s (10.54ms) @ Accel:1024 Loops:70 Thr:1 Vec:16
 +</code>
 +
 +<code bash>
 +hashcat -b -m 10500 -D 2
 +* Device #1: NVIDIA GeForce GTX 1660 SUPER, 4352/5927 MB (1481 MB allocatable), 22MCU
 +Speed.#1.........: 12497.0 kH/s (47.64ms) @ Accel:1024 Loops:70 Thr:32 Vec:1
 +</code>
 +
 +
 +[[https://hashcat.net/wiki/doku.php?id=mask_attack]]
 +
 +[[https://hashcat.net/wiki/doku.php?id=example_hashes|Example hashes]]]
 +
  
 ===== PDF ===== ===== PDF =====
 +
 <code bash> <code bash>
 file document.pdf  file document.pdf 
 document.pdf: PDF document, version 1.6, 1 page(s) document.pdf: PDF document, version 1.6, 1 page(s)
 +</code>
 +
 +Check encryption algorithm:
 +<code bash>
 +python3 -m venv .venv
 +./.venv/bin/pip3 install peepdf-3
 +./.venv/bin/peepdf document.pdf
 +
 +# one document
 +PDF Format Version: 1.6
 +Encrypted: True (AES 128 bits)
 +
 +# another document
 +PDF Format Version: 1.4
 +Encrypted: True (RC4 128 bits)
 </code> </code>
  
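Review bot: the added Example hashes link closes with three brackets (`|Example hashes]]]`), so a stray `]` will render after the link; drop the extra bracket. The second benchmark block (Ryzen 9 9950X) also has no `hashcat -b -m 10500 -D ...` command line, unlike the blocks on either side of it, so the reader cannot tell which device type flag produced that figure; add the command, and consider giving the bare mask_attack link a title like the link below it.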
Line 11: Line 53:
 <code bash> <code bash>
 /home/user/pdf2john/.venv/bin/pdf2john document.pdf /home/user/pdf2john/.venv/bin/pdf2john document.pdf
-$pdf$4*4*128*-12*1*16*...+$pdf$4*4*128*-12*1*16*<32 hex chars = 16bytes>*32*<hex chars>*32*<hex chars>
  
 /home/user/pdf2john/.venv/bin/pdf2john document.pdf > hash.txt /home/user/pdf2john/.venv/bin/pdf2john document.pdf > hash.txt
 </code> </code>
 +
 +<code bash>
 +$ john --verbosity=6 hash_john.txt 
 +initUnicode(UNICODE, UTF-8/ISO-8859-1)
 +UTF-8 -> UTF-8 -> UTF-8
 +Using default input encoding: UTF-8
 +Loaded 1 password hash (PDF, PDF encrypted document [MD5-RC4 / SHA2-AES 32/64])
 +Cost 1 (revision) is 4 for all loaded hashes
 +Cost 2 (key length) is 128 for all loaded hashes
 +</code>
 +
 +''$pdf$4*4*128*-12*1*16*'':
 +  * $pdf$4: Indicates the PDF format.
 +  * 4: Revision number (R). Revision 4 indicates 128-bit AES/ARC4 encryption
 +  * 4: Version of the encryption algorithm (V)
 +  * 128: Length of the key in bits (128-bit).
 +  * -12 (or another number): Length of the encryption data, often indicating permission settings, sometimes shown as a specific number of rounds in hashing algorithms.
 +  * 1: Type of encryption (e.g., 1 for Standard).
 +  * 16: Length of the user password hash/salt.
 +  * <Hex Salt>: This is the User Password/Owner Password information and salts derived from the PDF.
  
 Install ''hashcat'' Install ''hashcat''
 <code bash>apt install hashcat-nvidia</code> <code bash>apt install hashcat-nvidia</code>
 +
  
 <code bash> <code bash>
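Review bot: the field breakdown under `$pdf$4*4*128*-12*1*16*` accounts for three 4s (the `$pdf$4` bullet, Revision, Version) while the string contains only two, so either the first bullet should cover just the `$pdf$` tag or one of the R/V bullets is surplus; check the order against john's own "Cost 1 (revision) is 4" output in the block above. The `-12` bullet gives three different meanings (a length, permission settings, hashing rounds) and should state one. The `16` bullet should agree with the updated example line, where `16*<32 hex chars = 16bytes>` and the two `32*<hex chars>` pairs show each number as the byte length of the hex field that follows it. Separately, pdf2john writes hash.txt but the john run reads hash_john.txt; use one filename or show the step that creates the second file.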
Line 25: Line 88:
   10410 | PDF 1.1 - 1.3 (Acrobat 2 - 4), collider #1                 | Document   10410 | PDF 1.1 - 1.3 (Acrobat 2 - 4), collider #1                 | Document
   10420 | PDF 1.1 - 1.3 (Acrobat 2 - 4), collider #2                 | Document   10420 | PDF 1.1 - 1.3 (Acrobat 2 - 4), collider #2                 | Document
-  10500 | PDF 1.4 - 1.6 (Acrobat 5 - 8)                              | Document+  10500 | PDF 1.4 - 1.6 (Acrobat 5 - 8)                              | Document | RC4 128bits or AES128
   25400 | PDF 1.4 - 1.6 (Acrobat 5 - 8) - user and owner pass        | Document   25400 | PDF 1.4 - 1.6 (Acrobat 5 - 8) - user and owner pass        | Document
   10600 | PDF 1.7 Level 3 (Acrobat 9)                                | Document   10600 | PDF 1.7 Level 3 (Acrobat 9)                                | Document
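Review bot: on the 10500 row, `| RC4 128bits or AES128` adds a fourth column to a single row of what reads as pasted hashcat mode output, so a reader cannot tell it is the author's annotation rather than something the tool printed. Move it to a sentence outside the code block, tied to the peepdf "Encrypted: True (...)" lines it is meant to match, and say whether it also applies to 25400, which covers the same PDF 1.4 - 1.6 range.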