PDFCrack | How to Crack Password of PDF Files?

In this tutorial, we’ll be using PDFCrack to open PDF files that are password protected. PDFCrack is a GNU/Linux based Open Source application capable of cracking password of PDF files. It’s a command line tool.

Prerequisite: It’s not necessary but most probably, you’ll need a password dictionary file.

PDFCrack

About

PDFCrack is a GNU/Linux (other POSIX-compatible systems should work too) tool for recovering passwords and content from PDF-files. It is small, command line driven without external dependencies. The application is Open Source (GPL).

Features:

  • Supports the standard security handler (revision 2, 3 and 4) on all known PDF-versions
  • Supports cracking both owner and user passwords
  • Both wordlists and bruteforcing the password is supported
  • Save/Load a running job
  • Simple benchmarking
  • Optimised search for owner-password when user-password is known

Download PDFCrack!

PDFCrack isn’t pre-installed in Kali Linux but you can install it using the simple apt-get command. Open the terminal and follow the instructions:

Terminal | Update Repository List and Download
[email protected]:~# apt-get update

[email protected]:~# apt-get install pdfcrack 

Note: To install any application in your Linux-distro, you need to have root/superuser privileges.

Help Manual

Syntax: pdfcrack –f file.pdf [Options]

You can find options of PDFCrack by typing following commands at terminal.

Terminal | PDFCrack Help Manual
[email protected]:~# pdfcrack

[email protected]:~# man pdfcrack 

Alternatives | Online Tool

If you are someone, who reached here looking for ways to recover password of your protected PDF file and you’re not interested in learning about this tool. Then, here is an alternative way for you:

  • Just upload PDF file at pdfcrack.com and press crack button.

Cracking Password of PDF Files!

This tool provides several options to recover password of your password protected PDF files. Let’s begin learning few commands:

Bruteforcing

Cracking password of PDF file is as simple as running the following command:

Terminal | Fcrackzip
[email protected]:~# pdfcrack –f file.pdf

If your file is present in download folder then your command will look like something:

Terminal | Fcrackzip
[email protected]:~# pdfcrack –f ./downloads/file.pdf

You can also do a benchmark test:

Terminal | PDFCrack Benchmark
[email protected]:~# pdfcrack –b

Dictionary Attack

You can also launch a password dictionary attack against password protected PDF file using PDFCrack tool. The command is:

Kali Terminal | Dictionary Attack
[email protected]:~# pdfcrack file.pdf –w ./downloads/rockyou.txt

Here, rockyou.txt is a password file stored in ‘downloads’ folder.

Speed Up the Bruteforcing

If you know that password is between 4 to 8 characters, you can save time by making following command:

Terminal | Speed Up Bruteforcing
[email protected]:~# pdfcrack –f file.pdf –n 4 –m 8

This will skip passwords smaller than 4 characters and will stop at reaching maximum length (in our case it’s 8).

Moreover, to speed up the entire process, you can feed pdfcrack with a subset of characters to try, using the -c option. The below example would use the letters ‘a’, ‘b’, ‘c’, ‘d’, ‘e’, and numbers ‘1’, ‘2’, ‘3’, ‘4’.

Terminal | Speed Up Bruteforcing
[email protected]:~# pdfcrack -f file.pdf -c abcde1234

### IMAGE ####

Countermeasures | Protect your PDF files

Most bank E-statements are send to account holders in password protected PDF files. These PDF has personal account details and information about transaction made in recent.

Some government and other official documents are also sent in PDF (some of them are password protected as well).

Therefore, it’s important to protect your PDF files even when they have password protected already.

As you can see that password is recovered using brute-forcing method (all possible combinations of English alphabets are tried) or dictionary attack (limited password are tried, made of meaningful words).

Now, the only way to secure your PDF (from tools such as PDFCrack) is to choose a strong password (a password that will take months or even years to get crack).

You may also like...