In today's article, I will share examples of cracking password-protected PDF files and archives. I will show how to work with pdfcrack, rarcrack, and John the Ripper. These programs run on Linux (Kali Linux in my case), though I think analogues exist for Windows. The article also covers examples with john; there may already be articles about this program on Habr (and the Russian-speaking segment of the Internet definitely has descriptions of how to work with it), but I think my examples will still be relevant and useful. Treat this as a kind of online cheat sheet for these utilities.
I carried out all the attacks on my personal computer, where I created my own files, which I attacked, that is, all actions are legitimate.
And as always, please do not get personal in the comments. If you find a mistake, flaw or inaccuracy, just write a comment without insults or send me a personal message.
So let's get down to practice.
First, we find these programs in the repository and install them:
Bash:
apt search pdfcrack
sudo apt update
sudo apt install pdfcrack

It's the same with rarcrack (there is no need to run sudo apt update again, since it was already done above):
Bash:
sudo apt install rarcrack

Next, I created my PDF from a Wikipedia page (Ctrl + P in the browser) and went to the website https://www.ilovepdf.com/ru/protect-pdf, where you can encrypt a PDF with a password.



Once that is done, the encrypted PDF can be downloaded.


Now we get to pdfcrack itself. Open the terminal (of course) and type the following (general syntax example):
pdfcrack --wordlist=/path/to/dictionary_file /path/to/encrypted.pdf
Or, in my case:
pdfcrack --wordlist=/usr/share/wordlists/rockyou.txt 1_protected.pdf

As you can see from the screenshot, the program found the password in the dictionary: freedom4me. All that's left is to enter it.
We find the file and try to open it; it asks for a password, so we enter the one that was found:



As you can see, the file has opened.
From the first file (1.pdf, which was not encrypted), I created a RAR archive, naturally password-protected.
Let's try to find the password for it.
For rarcrack, the syntax (in my case) looked like this:
rarcrack 1.pdf.rar

As you can see from the screenshot, the program found the password: 56 (although it is an elementary one).
Next, we go to the archive, see that the contents are encrypted (a lock on the file), and try to open the file; it asks for a password, so we enter it and get the result:



Now let's try a three-digit password. I created an encrypted archive, 2.rar, with a three-digit password.
The procedure is the same:
rarcrack 2.rar

We enter the found password again (in this case 098).


I want to say the following about rarcrack. This program cannot search through a dictionary. It tries all possible combinations, starting with two-digit passwords. Therefore, if the password is complex enough, you need patience, time, and computing power. The help (rarcrack --help) states that the program can find passwords not only for rar archives, but also for zip and 7z. But no matter how much I tried it on zip and 7z archives, the program could not find their passwords (although I encrypted them with two-digit passwords).
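The two attacks used in this article, dictionary lookup and sequential brute force, can be turned around to check how long a password of your own would hold up. This is an added example, not code from the original article or from rarcrack; the alphabet order, the sample wordlist and the guess rate are assumptions.

```python
import string

# Assumption: digits, then lowercase, then uppercase. The article does not
# state which alphabet rarcrack walks through or in what order.
ALPHABET = string.digits + string.ascii_lowercase + string.ascii_uppercase
MIN_LEN = 2  # the article says the search starts with two-digit passwords


def guesses_until(password, alphabet=ALPHABET, min_len=MIN_LEN):
    """Candidates tried, shortest first and in alphabet order, up to and
    including `password`. None means this enumeration never reaches it."""
    if len(password) < min_len or any(c not in alphabet for c in password):
        return None
    base = len(alphabet)
    # Every shorter candidate is exhausted before this length is started.
    shorter = sum(base ** n for n in range(min_len, len(password)))
    rank = 0
    for ch in password:
        rank = rank * base + alphabet.index(ch)
    return shorter + rank + 1


def in_wordlist(password, lines):
    """True if `password` is an exact line of the wordlist (a dictionary hit)."""
    return any(line.rstrip("\r\n") == password for line in lines)


def assess(password, wordlist_lines, guesses_per_second):
    """Summarise exposure of one password to both attacks from the article."""
    tries = guesses_until(password)
    return {
        "password": password,
        "dictionary_hit": in_wordlist(password, wordlist_lines),
        "bruteforce_guesses": tries,
        "bruteforce_seconds": None if tries is None else tries / guesses_per_second,
    }


# Constructed sample wordlist; a real check would read a file such as rockyou.txt.
SAMPLE_WORDLIST = ["123456\n", "password\n", "freedom4me\n", "qwerty\n"]
ASSUMED_RATE = 1000.0  # guesses per second, hypothetical; measure your own hardware

if __name__ == "__main__":
    for pw in ("56", "098", "freedom4me", "a&"):
        print(assess(pw, SAMPLE_WORDLIST, ASSUMED_RATE))
```

The article's 56 and 098 sit within the first few thousand candidates, while freedom4me is far out of brute-force reach at this rate yet falls immediately to the wordlist, so a password has to resist both checks.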
However, John the Ripper can be used to find passwords for zip and 7z. This utility comes pre-installed in Kali Linux. Installation instructions for other distributions are not hard to find.
To begin with, I created two archives, 3.zip and 4.7z, naturally password-protected.
The procedure is as follows:
- Using a utility, we create a hash from the archive file
- We use the utility to try passwords against the hash
So, the syntax in my case is this (I open the terminal in the folder where the archives are located):
Bash:
zip2john 3.zip > hash.txt
And here I decided to "look" at the hash and saw "gibberish" (the hash should look like this)
Bash:
cat hash.txt

After that, we search for the password using the hash. In my case, the syntax looked like this (with a search through the already familiar dictionary):
Bash:
john --wordlist=/usr/share/wordlists/rockyou.txt --format=zip hash.txt
And the password was successfully found.

We do the same with the second archive.
Bash:
7z2john 4.7z > 7z.hash
john --wordlist=/usr/share/wordlists/rockyou.txt --format=7z 7z.hash

The password was successfully found.
Now all that remains is to try to extract the archives. Of course, you will be asked for a password, which we enter.




Success.
And that's all for me today, dear readers, see you soon! And congratulations on the upcoming holidays!
