Matthew McCorkle

Day 26 - PDFCrack - 100 tools in 100 days!

1 . Introduction
2 . My Setup
3 . What is PDFCrack?
4 . Why use PDFCrack?
5 . How to use PDFCrack?
6 . Summary


This post is designed to introduce you to the tool PDFCrack.

Disclaimer: Please only use PDFCrack for professional and educational reasons. Do not use this tool for nefarious or malicious reasons.


1. Introduction

Welcome to the twenty-sixth blog post of 100 tools in 100 days.

Find PDFCrack here: http://pdfcrack.sourceforge.net/.


2. My Setup

For running the PDFCrack tool, I used Kali Linux in a VMware Workstation 16 Player virtualized environment.


3. What is PDFCrack?

PDFCrack is a tool to crack password protected PDFs. All you need is a protected PDF and a wordlist of passwords to attempt cracking the PDF. Of course, not all password protected PDFs use weak passwords so this may not always work in your favor.


4. Why use PDFCrack?

Example 1: You worked on a research project many years ago and it is time to clean up / remove the data collected during the project as it was considered personally identifiable and is now within the mandatory window of deletion. You may have some data in a password protected PDF but you forgot the password and want to verify the file contains data that requires deletion before deleting the file.

You could use PDFCrack to attempt to find the password of your PDF file.

Example 2: You are a penetration tester and found password protected documents during a test. You can use PDFCrack to potentially unlock the document and observe contents that may benefit you during the rest of the testing.


5. How to use PDFCrack?

Step 1:
You need a password protected PDF so head over to:

https://www.ilovepdf.com/protect-pdf

Submit a PDF for password protection and download that PDF. 

I would not submit legitimately sensitive documents to any online 
source for processing, for this example I would use a non sensitive PDF.

For ease of demonstration, I used the password 'password'.


Step 2:
Verify the PDF is password protected by trying to open it and you should see a password prompt.


Step 3:
To see the help page for PDFCrack type:

pdfcrack -h


Step 4:
Using the help page from PDFCrack I ran the following command 
using the rockyou.txt wordlist.


pdfcrack -f THIS_PDF_WAS_PASSWORD_PROTECTED.pdf -w /usr/share/wordlists/rockyou.txt


In less than 1 second PDFCrack was able to crack the protected PDF password and found the password to be ‘password’.

6. Summary

Please only use PDFCrack on PDFs that you are legally allowed to own. Do not use this tool to crack proprietary PDFs unless you have explicit permission during penetration testing to do so.

I hope you never lock yourself out of a PDF and if you do, try PDFCrack!

I hope you enjoyed this blog post.

Thanks for reading!

If you have suggestions for what tool to cover next, contact me!