meta data for this page
  •  

This is an old revision of the document!

password cracking

hashcat

Benchmarks: 

hashcat -b -m 10500 -D 1
* Device #2: cpu-haswell-AMD Ryzen 5 5500, 14928/29921 MB (4096 MB allocatable), 12MCU
Speed.#2.........:   573.9 kH/s (19.71ms) @ Accel:1024 Loops:70 Thr:1 Vec:8
* Device #1: cpu-skylake-avx512-AMD Ryzen 9 9950X 16-Core Processor, 29888/59841 MB (8192 MB allocatable), 32MCU
Speed.#1.........:  2643.5 kH/s (10.54ms) @ Accel:1024 Loops:70 Thr:1 Vec:16
hashcat -b -m 10500 -D 2
* Device #1: NVIDIA GeForce GTX 1660 SUPER, 4352/5927 MB (1481 MB allocatable), 22MCU
Speed.#1.........: 12497.0 kH/s (47.64ms) @ Accel:1024 Loops:70 Thr:32 Vec:1

PDF

file document.pdf 
document.pdf: PDF document, version 1.6, 1 page(s)

Use pdf2john to extract password hash: 

/home/user/pdf2john/.venv/bin/pdf2john document.pdf
$pdf$4*4*128*-12*1*16*<32 hex chars = 16bytes>*32*<hex chars>*32*<hex chars>
 
/home/user/pdf2john/.venv/bin/pdf2john document.pdf > hash.txt
$ john --verbosity=6 hash_john.txt 
initUnicode(UNICODE, UTF-8/ISO-8859-1)
UTF-8 -> UTF-8 -> UTF-8
Using default input encoding: UTF-8
Loaded 1 password hash (PDF, PDF encrypted document [MD5-RC4 / SHA2-AES 32/64])
Cost 1 (revision) is 4 for all loaded hashes
Cost 2 (key length) is 128 for all loaded hashes

$pdf$4*4*128*-12*1*16*:

  • $pdf$4: Indicates the PDF format.
  • 4: Revision number (R). Revision 4 indicates 128-bit AES/ARC4 encryption
  • 4: Version of the encryption algorithm (V)
  • 128: Length of the key in bits (128-bit).
  • -12 (or another number): Length of the encryption data, often indicating permission settings, sometimes shown as a specific number of rounds in hashing algorithms.
  • 1: Type of encryption (e.g., 1 for Standard).
  • 16: Length of the user password hash/salt.
  • <Hex Salt>: This is the User Password/Owner Password information and salts derived from the PDF.

Install hashcat 

apt install hashcat-nvidia
hashcat --help
 
  10400 | PDF 1.1 - 1.3 (Acrobat 2 - 4)                              | Document
  10410 | PDF 1.1 - 1.3 (Acrobat 2 - 4), collider #1                 | Document
  10420 | PDF 1.1 - 1.3 (Acrobat 2 - 4), collider #2                 | Document
  10500 | PDF 1.4 - 1.6 (Acrobat 5 - 8)                              | Document
  25400 | PDF 1.4 - 1.6 (Acrobat 5 - 8) - user and owner pass        | Document
  10600 | PDF 1.7 Level 3 (Acrobat 9)                                | Document
  10700 | PDF 1.7 Level 8 (Acrobat 10 - 11)                          | Document

Find password which is a PESEL number (11 digits) 

#                                           1 2 3 4 5 6 7 8 9 0 1
hashcat -m 10500 hash.txt -a 3 --increment ?d?d?d?d?d?d?d?d?d?d?d