02-20-2015, 05:52 PM
Quote:METHOD COMPLETED at post #6.
In order to test the PDF attack feature of OCLHashCat, I am using these sample hashes files:
+ Sample non-hashes (to be) supported by JtR
https://openwall.info/wiki/john/sample-non-hashes
For example, this one:
https://openwall.info/wiki/_media/john/pdf_samples.tar
And this file from there in:
test-3-RC4-40-open-testpassword.pdf
So I extract it (from Linux shell) by using PDF2John from John the Ripper suite:
Code:
$ ./pdf2john test-3-RC4-40-open-testpassword.pdf test-3-RC4-40-open-testpassword.pdf:$pdf$Standard*9a1156c38ab8177598d1608df7d7e340ae639679bd66bc4cda9bc9a4eedeb170*1f300cd939dd5cf0920c787f12d16be22205e55a5bec5c9c6d563ab4fd0770d7*16*c015cff8dbf99345ac91c84a45667784*1*1*0*1*6*40*-4*2*1
$ ./pdf2john test-3-RC4-40-open-testpassword.pdf > test3.txt
n$ cat test3.txt
test-3-RC4-40-open-testpassword.pdf:$pdf$Standard*9a1156c38ab8177598d1608df7d7e340ae639679bd66bc4cda9bc9a4eedeb170*1f300cd939dd5cf0920c787f12d16be22205e55a5bec5c9c6d563ab4fd0770d7*16*c015cff8dbf99345ac91c84a45667784*1*1*0*1*6*40*-4*2*1
And now I try to crack it (from PowerShell at Windows 7 SP1):
Code:
PS C:\Users\Luis> oclhashcat64 "test3.txt" -m 10400 -a 3 anypassword
oclHashcat v1.33 starting...
WARNING: Hashfile 'test3.txt' in line 1 (test-3-RC4-40-open-testpassword.pdf:$pdf$Standard*9a1156c38ab8177598d1608df7d7e340ae639679bd66bc4cda9bc9a4eedeb170*1f300cd939dd5cf0920c787f12d16be22205e55a5bec5c9c6d563ab4fd0770d7*16*c015cff8dbf99345ac91c84a45667784*1*1*0*1*6*40*-4*2*1): Line-length exception
Parsed Hashes: 1/1 (100.00%)
ERROR: No hashes loaded
Any hash type (10400, 10410, 10420, 10500, 10600, 10700) fail.
If I modify the "test3.pdf" file and remove the "test-3-RC4-40-open-testpassword.pdf:" part, the attacks keep failing.
I think the problem comes, acording to this thread, from the PDF hash file format, that should rather be something like (supposed example for RC4-40 cyphering):
Code:
$pdf$1*2*40*-4*1*16*c015cff8dbf99345ac91c84a45667784*32*1f300cd939dd5cf0920c787f12d16be22205e55a5bec5c9c6d563ab4fd0770d7*32*9a1156c38ab8177598d1608df7d7e340ae639679bd66bc4cda9bc9a4eedeb170:$HEX[db34433720]
If this is the kind of hash file that must be generated, what is the method to achieve it?
Thanks you.