02-21-2015, 02:49 AM
(This post was last modified: 02-21-2015, 05:23 PM by SopalajoArrierez.)
Here is the complete procedure (thanks you all who helped, boys):
- Download "pdf2john.py" from the suite "John the Ripper":
- Run "pdf2john.py" file from wherever you want on your .pdf file, leaving only characters between (inside) the ":" :
Note the two "sed" commands, intended to filter the output string. For example, the original:
... would finish as the appropriate (for OCLHashCat):
Or you can do it step by step:
Windows edition could be (it worked for me, it seems no matter the CR/LF issue with text files):
... and remove all the stuff outside the ":" (included).
- The file "MyPDF-Hash.txt" is now ready to process with OCLHashCat. Good cracking!
NOTES:
- Works on both Linux shell and CygWin (python required).
- If you do this from Windows but without CygWin (for example, by using another Python interpreter), remember that the "sed" utility included in UnxUtils (for Windows) can not work (as for today, February 2015) with single quotes ('), so use double quotes instead ("):
P.S: Of course, this can be added to the Wiki as a Tutorial or whatever, if Atom considers it OK :-) .
- Download "pdf2john.py" from the suite "John the Ripper":
Code:
wget https://github.com/magnumripper/JohnTheRipper/archive/bleeding-jumbo.zip
unzip bleeding-jumbo.zip
cp JohnTheRipper-bleeding-jumbo/run/pdf2john.py .- Run "pdf2john.py" file from wherever you want on your .pdf file, leaving only characters between (inside) the ":" :
Code:
./pdf2john.py MyPDF.pdf | sed 's/::.*$//' | sed 's/^.*://' > MyPDF-Hash.txtNote the two "sed" commands, intended to filter the output string. For example, the original:
Code:
MyPDF.pdf:$pdf$4*4*128*-1028*1*16*652fc762fdb12c47a5f90ddd2b99b809*32*dd
86d858f914809078a4a47348d32c0fc4e9c08042a10e6434b48b698de7731f*32*3c1e693526d5bc
8da15b99eea6cbc6ed2c2397e23e2c39d1974fdc004c588cff:::::MyPDF.pdf... would finish as the appropriate (for OCLHashCat):
Code:
$pdf$4*4*128*-1028*1*16*652fc762fdb12c47a5f90ddd2b99b809*32*dd86d858f914809078a4a47348d32c0fc4e9c08042a10e6434b48b698de7731f*32*3c1e693526d5bc8da15b99eea6cbc6ed2c2397e23e2c39d1974fdc004c588cffOr you can do it step by step:
Code:
./pdf2john.py MyPDF.pdf > MyPDF-Hash.txt
nano MyPDF-Hash.txtWindows edition could be (it worked for me, it seems no matter the CR/LF issue with text files):
Code:
notepad MyPDF-Hash.txt... and remove all the stuff outside the ":" (included).
- The file "MyPDF-Hash.txt" is now ready to process with OCLHashCat. Good cracking!
NOTES:
- Works on both Linux shell and CygWin (python required).
- If you do this from Windows but without CygWin (for example, by using another Python interpreter), remember that the "sed" utility included in UnxUtils (for Windows) can not work (as for today, February 2015) with single quotes ('), so use double quotes instead ("):
Code:
./pdf2john.py MyPDF.pdf | sed "s/::.*$//" | sed "s/^.*://" > MyPDF-Hash.txtP.S: Of course, this can be added to the Wiki as a Tutorial or whatever, if Atom considers it OK :-) .