Crackq: crack PDF passwords

pdfWe explored a few options to crack PDF password on Linux in an earlier article. Crackq is a new open source python utility from Hashcrack to do the same. Only in this case the utility sends the block containing the encryption information to Hashcrask server and uses GPU-accelerated brute force against a massive dictionary of 6.3GB to crack the PDF.

You need to buy submission quota to use Hashcrack service. However, it is a powerful service under development with support being extended to WPA/WPA2 encryption which is one of the main reasons we decided on covering it. The other reason being a unique service using advanced technology.

Crackq is intended to be used for detecting weak passwords. An illegal use is not desired.

The following hash formats (algorithms) are supported at the time of writing:

  • Password protected PDF files (v1.4 – v1.6)
  • NTLM
  • MD5
  • SHA1
  • WPA / WPA2 PSK
  • VPN IPSec IKE (aggressive mode) MD5
  • descrypt / DES(Unix)
  • md5crypt / FreeBSD MD5 / Cisco IOS MD5 / MD5(Unix)
  • PHPass MD5 (WordPress, Joomla, phpBB3)

PDF versions 1.4 to 1.6 are supported at the time fo writing. You can verify the version of your PDF on Linux using:

$ hexdump -C mypdf.pdf | more
00000000  25 50 44 46 2d 31 2e 34  0a 25 e2 e3 cf d3 0a 34  |%PDF-1.4.%.....4|
00000010  20 30 20 6f 62 6a 20 0a  3c 3c 0a 2f 42 6f 72 64  | 0 obj .<<./Bord|

As you can see, the PDF file we are testing is of version 1.4.

Usage

1. Create an account with hashcrack. Let’s say your email is user@domain.com.

2. You will get your API key when you login. Note it.

3. Download Crackq:

$ git clone https://github.com/vnik5287/Crackq

4. Start cracking target pdf:

$ Crackq/crackqcli.py -t pdf ~/Downloads/study/block_drivers.pdf
Crackq client 0.3.2
support@hashcrack.org
[+] Checking the current client version...
Enter your API key:c2c896523fd71581461572e9124707eb4e3359bac559c8d7b9378b0c0b240815
[+] Retrieving email...
[+] Results will be emailed to: user@domain.com
...

The time to crack varies depending on the password.

Comment

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s