We explored a few options to crack PDF password on Linux in an earlier article. Crackq is a new open source python utility from Hashcrack to do the same. Only in this case the utility sends the block containing the encryption information to Hashcrask server and uses GPU-accelerated brute force against a massive dictionary of 6.3GB to crack the PDF.
You need to buy submission quota to use Hashcrack service. However, it is a powerful service under development with support being extended to WPA/WPA2 encryption which is one of the main reasons we decided on covering it. The other reason being a unique service using advanced technology.
Crackq is intended to be used for detecting weak passwords. An illegal use is not desired.
The following hash formats (algorithms) are supported at the time of writing:
- Password protected PDF files (v1.4 – v1.6)
- WPA / WPA2 PSK
- VPN IPSec IKE (aggressive mode) MD5
- descrypt / DES(Unix)
- md5crypt / FreeBSD MD5 / Cisco IOS MD5 / MD5(Unix)
- PHPass MD5 (WordPress, Joomla, phpBB3)
PDF versions 1.4 to 1.6 are supported at the time fo writing. You can verify the version of your PDF on Linux using:
$ hexdump -C mypdf.pdf | more 00000000 25 50 44 46 2d 31 2e 34 0a 25 e2 e3 cf d3 0a 34 |%PDF-1.4.%.....4| 00000010 20 30 20 6f 62 6a 20 0a 3c 3c 0a 2f 42 6f 72 64 | 0 obj .<<./Bord|
As you can see, the PDF file we are testing is of version 1.4.
1. Create an account with hashcrack. Let’s say your email is firstname.lastname@example.org.
2. You will get your API key when you login. Note it.
3. Download Crackq:
$ git clone https://github.com/vnik5287/Crackq
4. Start cracking target pdf:
$ Crackq/crackqcli.py -t pdf ~/Downloads/study/block_drivers.pdf Crackq client 0.3.2 email@example.com [+] Checking the current client version... Enter your API key:c2c896523fd71581461572e9124707eb4e3359bac559c8d7b9378b0c0b240815 [+] Retrieving email... [+] Results will be emailed to: firstname.lastname@example.org ...
The time to crack varies depending on the password.