Monday, July 11, 2016

Simple PDF Brute Force Tool using GhostScript 9.09

I've had to deal with a lot of PDF's that come in either Secured (cannot copy, cannot print) or Password Protected (requires password to open) lately.

Using GhostScript you can make a simple brute force tool to attack these password protected PDF's.

I'm well aware there are commercial options for doing this, but I don't like to pay money for something I can figure out myself. My method is not as fast or feature rich, but it can get the job done.

You'll need to install GhostScript, I used revision 9.09, if you're using a newer or older version adjust the script below accordingly for the executable paths.

You'll also need a dictionary file (%userprofile%\desktop\passwords.txt) <- adjust accordingly.

With the way this script is written, you can simply drag and drop the PDF file onto the batch file icon, or pass it as a variable ex: bruteforece.bat Path.to.PDF.pdf

@echo off
setlocal enabledelayedexpansion
Title Performing Magic, please wait...
for /f "tokens=* delims=" %%a in (%userprofile%\desktop\passwords.txt) do (
echo Trying password: %%a
"C:\Program Files (x86)\gs\gs9.09\bin\gswin32c.exe" -q -sPDFPassword=%%a %1
if !errorlevel! == 0 echo Password is %%a & pause > nul
cls
)
echo password not found
pause
exit