Problems decrypting hash from 128bit RC4 PDF
#1
Hi,

New user here, unfortunately, I need some help.  

I've been trying to decrypt a PDF document which is a corp document sent to me.  I have the password, but this activity is for demonstration purposes.  I want to demonstrate the issues with password protecting/encrypting PDF.

I've used PDF2John to generate my hash before running it through Hashcat.  Unfortunately, I'm receiving the error message Token Length Exception when attempting the process.

My command is as follows
hashcat64.exe -a 3 -m 10500 -d 1 -o out.txt --outfile-format=14 hash.txt

As my hash starts $pdf$2*3*128*  I'm pretty confident I've got the correct hash mode.
I've used peepdf to check the encryption, and it confirms it as:
Code:
Encrypted: True (RC4 128 bits)

I've also tested the process on an additional encrypted PDF file I generated using current Word using the following command, and it worked.
Code:
hashcat64.exe -a 3 -m 10500 -d 1 -o out.txt --outfile-format=14 hash2.txt

I've compared my hash to other examples I've found, and I believe my issue is something to do with the length and structure.
My redacted hash looks like this:

Code:
$pdf$2*3*128*-36*1*0**32*xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx*32*xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx

This seems short and also the element values (I think) are 32 rather than 16???? Not sure why

While attempting to resolve this, I've also built the latest jumbo JTR under The-Distribution-Which-Does-Not-Handle-OpenCL-Well (Kali) and Cygwin, PDF2John still spits out the same hash value.

I'm beyond my understanding of what I might be doing wrong or how to correct this with Hashcat.

Thanks for the help


Messages In This Thread
Problems decrypting hash from 128bit RC4 PDF - by ctrmin - 05-22-2020, 11:06 PM
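
Added example, not part of the original post and not hashcat or John the Ripper code: a small Python checker that splits a pdf2john-style `$pdf$` string into its fields and compares each declared byte length with the hex data that follows it. It assumes the `V*R*bits*P*flag*id_len*id*u_len*u*o_len*o` layout visible in the post; the sample hashes are constructed and the function names are hypothetical.

```python
import string

HEX = set(string.hexdigits)

# Constructed samples (not real hashes): same header as the post's hash.
SAMPLE_EMPTY_ID = "$pdf$2*3*128*-36*1*0**32*" + "ab" * 32 + "*32*" + "cd" * 32
SAMPLE_WITH_ID = ("$pdf$2*3*128*-36*1*16*" + "0f" * 16
                  + "*32*" + "ab" * 32 + "*32*" + "cd" * 32)

def parse_pdf_hash(line):
    """Split a '$pdf$...' string into named fields (hypothetical helper)."""
    start = line.find("$pdf$")  # tolerate a leading 'file.pdf:' prefix
    if start < 0:
        raise ValueError("no $pdf$ signature found")
    # Drop anything after the hash itself, e.g. trailing ':'-separated fields.
    body = line[start + len("$pdf$"):].strip().split(":")[0]
    parts = body.split("*")
    if len(parts) < 11:
        raise ValueError(f"expected at least 11 fields, got {len(parts)}")
    names = ("V", "R", "bits", "P", "encrypt_metadata")
    fields = dict(zip(names, (int(p) for p in parts[:5])))
    # ID, U and O each arrive as a (declared byte length, hex data) pair.
    for name, i in (("id", 5), ("u", 7), ("o", 9)):
        fields[name] = (int(parts[i]), parts[i + 1])
    return fields

def check_fields(fields):
    """Return a list of structural problems found in the ID, U and O fields."""
    problems = []
    for name in ("id", "u", "o"):
        declared, data = fields[name]
        if not set(data) <= HEX:
            problems.append(f"{name}: non-hex characters")
        elif len(data) != 2 * declared:
            problems.append(
                f"{name}: declared {declared} bytes, got {len(data)} hex chars")
        if declared == 0:
            problems.append(f"{name}: empty (declared length 0)")
    return problems

if __name__ == "__main__":
    for sample in (SAMPLE_EMPTY_ID, SAMPLE_WITH_ID):
        print(check_fields(parse_pdf_hash(sample)) or "structure looks consistent")
```

Run against a string laid out like the post's redacted hash, the checker reports the ID field as empty; whether that is what triggers the Token Length Exception is not confirmed on the page.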