in this new post, I just will explain how to bruteforce simple password used to protected a PDF. There are a lot of free tools on Windows or Linux to do that but I chose pdfcrack. I made this demonstration on a Linux Mint 18.1 Serena. To install the tool, simply use standard apt command.
fl0at0xff@bl00b ~ $ sudo apt-get install pdfcrack
I you have not a protected PDF, you can easily create one using the tool named pdftk. This tool allows you to set a password on a PDF file.
fl0at0xff@bl00b ~ $ sudo apt-get install pdftk
I assume that you have a PDF named demo.pdf. Use this command to set the adm1n password.
fl0at0xff@bl00b ~ $ pdftk demo.pdf output demoprotected.pdf userpw adm1n
The output file is renamed to demoprotected.pdf
Now, to crack it you can simply run the following command:
fl0at0xff@bl00b ~ $ pdfcrack -f demoprotected.pdf
Password cracking using bruteforce technique is a long and tedious process. Like you know, this tool will try to guess the password with a serie of words which can take a long time, especially since it appears to be a single threaded tool utilizing only one CPU core regardless of you hardware. You can verify this information using htop command.
To speed up the process, you can set some options. A very useful one is the minimum and maximum password lenght. Indeed, it is very rare for a password to be less than 4 characters. It is therefore not necessary to test all possible passwords from 1 to 3 characters. If you think the maximum size is 8 characters, you can also specify it.
fl0at0xff@bl00b ~ $ pdfcrack -f demoprotected.pdf -n 4 -m 8
In addition to this, it is possible to define the charset to use. Indeed, if you think that the password only contains lower cases and numbers, you can define it like this:
fl0at0xff@bl00b ~ $ pdfcrack -f demoprotected.pdf -n 4 -m 8 -c abdcefghijklmnopqrstuvwxyz0123456789
For this example, the password is 5 characters length and just contains lower cases and a number.
fl0at0xff@bl00b ~ $ pdfcrack -f demoprotected.pdf -n 5 -m 5 -c abdcefghijklmnopqrstuvwxyz0123456789 PDF version 1.4 Security Handler: Standard V: 2 R: 3 P: -3904 Length: 128 Encrypted Metadata: True FileID: 7539d0c14667edc186fae6b2e48acc4b U: e20cdb90a4e8554a71ed1188bfc70f9f00000000000000000000000000000000 O: 5628859c2538b44356cb08cbd32e30780fad48eb4ef92da774789070d8bb1572 Average Speed: 30897.0 w/s. Current Word: '82ina' Average Speed: 31659.5 w/s. Current Word: 'vn30a' Average Speed: 21563.2 w/s. Current Word: 'ffcab' Average Speed: 27206.5 w/s. Current Word: '49zlb' Average Speed: 31744.7 w/s. Current Word: '15lzb' found user-password: 'adm1n'
That’s it !