meta data for this page
  •  

Differences

This shows you the differences between two versions of the page.

Link to this comparison view

Both sides previous revisionPrevious revision
Next revision		Previous revision
sw:password_cracking [2026/05/14 08:49] niziaksw:password_cracking [2026/05/14 11:41] (current) niziak
Line 1: Line 1:
 ====== password cracking ====== ====== password cracking ======
 +
 +===== hashcat =====
 +
 +Benchmarks:
 +<code bash>
 +hashcat -b -m 10500 -D 1
 +* Device #2: cpu-haswell-AMD Ryzen 5 5500, 14928/29921 MB (4096 MB allocatable), 12MCU
 +Speed.#2.........:   573.9 kH/s (19.71ms) @ Accel:1024 Loops:70 Thr:1 Vec:8
 +</code>
 +
 +<code bash>
 +* Device #1: cpu-skylake-avx512-AMD Ryzen 9 9950X 16-Core Processor, 29888/59841 MB (8192 MB allocatable), 32MCU
 +Speed.#1.........:  2643.5 kH/s (10.54ms) @ Accel:1024 Loops:70 Thr:1 Vec:16
 +</code>
 +
 +<code bash>
 +hashcat -b -m 10500 -D 2
 +* Device #1: NVIDIA GeForce GTX 1660 SUPER, 4352/5927 MB (1481 MB allocatable), 22MCU
 +Speed.#1.........: 12497.0 kH/s (47.64ms) @ Accel:1024 Loops:70 Thr:32 Vec:1
 +</code>
 +
 +
 +[[https://hashcat.net/wiki/doku.php?id=mask_attack]]
  
 ===== PDF ===== ===== PDF =====
 +
 <code bash> <code bash>
 file document.pdf  file document.pdf 
Line 11: Line 35:
 <code bash> <code bash>
 /home/user/pdf2john/.venv/bin/pdf2john document.pdf /home/user/pdf2john/.venv/bin/pdf2john document.pdf
-$pdf$4*4*128*-12*1*16*...+$pdf$4*4*128*-12*1*16*<32 hex chars = 16bytes>*32*<hex chars>*32*<hex chars>
  
 /home/user/pdf2john/.venv/bin/pdf2john document.pdf > hash.txt /home/user/pdf2john/.venv/bin/pdf2john document.pdf > hash.txt
 </code> </code>
 +
 +<code bash>
 +$ john --verbosity=6 hash_john.txt 
 +initUnicode(UNICODE, UTF-8/ISO-8859-1)
 +UTF-8 -> UTF-8 -> UTF-8
 +Using default input encoding: UTF-8
 +Loaded 1 password hash (PDF, PDF encrypted document [MD5-RC4 / SHA2-AES 32/64])
 +Cost 1 (revision) is 4 for all loaded hashes
 +Cost 2 (key length) is 128 for all loaded hashes
 +</code>
 +
 +''$pdf$4*4*128*-12*1*16*'':
 +  * $pdf$4: Indicates the PDF format.
 +  * 4: Revision number (R). Revision 4 indicates 128-bit AES/ARC4 encryption
 +  * 4: Version of the encryption algorithm (V)
 +  * 128: Length of the key in bits (128-bit).
 +  * -12 (or another number): Length of the encryption data, often indicating permission settings, sometimes shown as a specific number of rounds in hashing algorithms.
 +  * 1: Type of encryption (e.g., 1 for Standard).
 +  * 16: Length of the user password hash/salt.
 +  * <Hex Salt>: This is the User Password/Owner Password information and salts derived from the PDF.
  
 Install ''hashcat'' Install ''hashcat''