Accessing locked pdf using crunch and JohnTheRipper
Background
crunch generates wordlists from a character set according to user-defined patterns and string lengths.
JohnTheRipper is designed to test password strength, brute-force encrypted (hashed) passwords, and crack passwords via dictionary attacks. It provides the single crack mode, wordlist mode, and incremental mode.
Challenge
Get access to the contents of locked.pdf given password is of length 5 of only lowercase letters.
Solution
Installation of Tools
### For crunch
sudo apt install crunch
### For JohnTheRipper
sudo apt install libssl-dev
git clone https://github.com/magnumripper/JohnTheRipper.git
export JOHN=$PWD/JohnTheRipper
cd $JOHN/src/
./configure && make
Steps
## In the same session as above
## (we need the environment variable $JOHN)
crunch 5 5 -t @@@@@ -o ~/wordlist.txt
# crunch <lower_length> <upper_length> -t <pattern> -o <output_file>
# @: lowercase letters
$JOHN/run/pdf2john.pl ~/locked.pdf > ~/locked.hash
# Converts the pdf into hash format that JtR can be run upon
$JOHN/run/john --wordlist=$HOME/wordlist.txt ~/locked.hash
# Uses our generated letter combinations to crack the hash