Recently, we were taking the IEEE Day Badge Challenge in https://ieee-collabratec.ieee.org/. We wanted to give another go on solving the clues, so instead of following the clues to open the encrypted and password-protected PDFs, we got the clue that the password is composed only of numeric digits and we used
pdfcrack to open the files!
pdfcrack using the following command:
sudo apt-get install pdfcrack;
$ sudo apt-get install pdfcrack [sudo] password for bob: Reading package lists... Done Building dependency tree Reading state information... Done The following NEW packages will be installed: pdfcrack 0 upgraded, 1 newly installed, 0 to remove and 28 not upgraded. Need to get 31,0 kB of archives. After this operation, 90,1 kB of additional disk space will be used. Get:1 http://cy.archive.ubuntu.com/ubuntu focal/universe amd64 pdfcrack amd64 0.18-2 [31,0 kB] Fetched 31,0 kB in 1s (40,1 kB/s) Selecting previously unselected package pdfcrack. (Reading database ... 452721 files and directories currently installed.) Preparing to unpack .../pdfcrack_0.18-2_amd64.deb ... Unpacking pdfcrack (0.18-2) ... Setting up pdfcrack (0.18-2) ... Processing triggers for man-db (2.9.1-1) ...
To crack the files, we used the following commands that limited the input to the numeric digits and got the password back in seconds on a normal CPU:
pdfcrack -f IEEE+Day+2021+Clue++3.pdf -c 0123456789;
bob@Linux:~$ pdfcrack -f IEEE+Day+2021+Clue++3.pdf -c 0123456789 PDF version 1.7 Security Handler: Standard V: 2 R: 3 P: -1060 Length: 128 Encrypted Metadata: True FileID: 79c15a021438224ba4df58b0e7fa9a20 U: 4990feee0d63f411cf4eba3c1346ff2100000000000000000000000000000000 O: cc5e6a95577573cac6f6683d4c7f02d6605fe42e5622feb6dc36636263ba838e found user-password: '490000' bob@Linux:~$ pdfcrack -f IEEE+Day+2021+Clue++5.pdf -c 0123456789 PDF version 1.7 Security Handler: Standard V: 2 R: 3 P: -1060 Length: 128 Encrypted Metadata: True FileID: cf72bd9b3fb24145a6d2b578fa52c0e4 U: 8cd5ea45b59168ca10674bdd81f06f5800000000000000000000000000000000 O: 70301a6ff93ac7a91c28895180e8ad57a41388d2b7f3a813b83f4b3fd5274945 Average Speed: 49297.7 w/s. Current Word: '348478' found user-password: '1470000'
Information on the version we used is below:
$ apt info pdfcrack Package: pdfcrack Version: 0.18-2 Priority: optional Section: universe/utils Origin: Ubuntu Maintainer: Ubuntu Developers <[email protected]> Original-Maintainer: Joao Eriberto Mota Filho <[email protected]> Bugs: https://bugs.launchpad.net/ubuntu/+filebug Installed-Size: 90,1 kB Depends: libc6 (>= 2.14) Suggests: pdf-viewer Homepage: http://pdfcrack.sf.net Download-Size: 31,0 kB APT-Manual-Installed: yes APT-Sources: http://cy.archive.ubuntu.com/ubuntu focal/universe amd64 Packages Description: PDF files password cracker PDFCrack is a simple tool for recovering passwords from pdf-documents. . It should be able to handle all pdfs that uses the standard security handler but the pdf-parsing routines are a bit of a quick hack so you might stumble across some pdfs where the parser needs to be fixed to handle. . The main PDFCrack features are: . - Supports the standard security handler (revision 2, 3 and 4) on all known PDF-versions. - Supports cracking both owner and userpasswords. - Both wordlists and bruteforcing the password are supported. - Simple permutations (currently only trying first character as Upper Case). - Save and load a running job. - Simple benchmarking. - Optimised search for owner-password when user-password is known. . This program can be used in forensics investigations or similar activities, to legal password crack.