Results 1 to 9 of 9

Thread: PDF PW removal

  1. #1
    Senior Member SephStorm's Avatar
    Join Date
    Aug 2008
    Posts
    166

    Default PDF PW removal

    I apologize in advance if this is posted in the wrong forum, I did a search of the forums, but I found nothing related to PDF's.

    I have a user who has found a PDF document related to himself on our network, that is password protected, He doesn't care what the password is, but obviously he wants to know what kind of document is being stored on him. I tried running it through APDFPR, basic dictionary attack failed, and brute force is projected for a day. I don't have time for that.

    Can anyone suggest how I can remove the PW without going through the cracking process?
    "You're only smoke and mirrors..."

  2. #2
    Senior Member streaker69's Avatar
    Join Date
    Jan 2010
    Location
    Virginville, BlueBall, Bird In Hand, Intercourse, Paradise, PA
    Posts
    3,535

    Default

    Quote Originally Posted by SephStorm View Post
    I apologize in advance if this is posted in the wrong forum, I did a search of the forums, but I found nothing related to PDF's.

    I have a user who has found a PDF document related to himself on our network, that is password protected, He doesn't care what the password is, but obviously he wants to know what kind of document is being stored on him. I tried running it through APDFPR, basic dictionary attack failed, and brute force is projected for a day. I don't have time for that.

    Can anyone suggest how I can remove the PW without going through the cracking process?
    Shouldn't he ask whomever created the document that is stored inside?
    A third party security audit is the IT equivalent of a colonoscopy. It's long, intrusive, very uncomfortable, and when it's done, you'll have seen things you really didn't want to see, and you'll never forget that you've had one.

  3. #3
    Senior Member SephStorm's Avatar
    Join Date
    Aug 2008
    Posts
    166

    Default

    Theoreticly. Concider the remote but possible senario of blackmail, or anouther nefarious purpose.

    This user is a supervisor at my company, while we dont work together, I trust his judgement in this situation.

    Assume this was you, you find documents pertaining to yourself and junior members of your company. You could assume that they are innocent reports of job reliability and what not, but more than likely if this were the case they would have been stored on a local drive or restricted access server, if they are for use of the management.

    Instead you find these doccuments on a publicly accessable server and they are password protected. i would say the user is within his rights to know what is in the document in reguards to himself and his subordinantes.
    "You're only smoke and mirrors..."

  4. #4
    Senior Member streaker69's Avatar
    Join Date
    Jan 2010
    Location
    Virginville, BlueBall, Bird In Hand, Intercourse, Paradise, PA
    Posts
    3,535

    Default

    Quote Originally Posted by SephStorm View Post
    Theoreticly. Concider the remote but possible senario of blackmail, or anouther nefarious purpose.

    This user is a supervisor at my company, while we dont work together, I trust his judgement in this situation.

    Assume this was you, you find documents pertaining to yourself and junior members of your company. You could assume that they are innocent reports of job reliability and what not, but more than likely if this were the case they would have been stored on a local drive or restricted access server, if they are for use of the management.

    Instead you find these doccuments on a publicly accessable server and they are password protected. i would say the user is within his rights to know what is in the document in reguards to himself and his subordinantes.
    If you what you say is true, then all the more reason to follow proper channels and demand to see what's in them.

    Attempting to side step the correct process can only lead to trouble.
    A third party security audit is the IT equivalent of a colonoscopy. It's long, intrusive, very uncomfortable, and when it's done, you'll have seen things you really didn't want to see, and you'll never forget that you've had one.

  5. #5
    Senior Member SephStorm's Avatar
    Join Date
    Aug 2008
    Posts
    166

    Default

    Very well, thank you for your assistance.
    "You're only smoke and mirrors..."

  6. #6
    Member PeppersGhost's Avatar
    Join Date
    Jan 2008
    Posts
    204

    Default

    Well you're (my) first step would be to extract the headers while another copy is cooking on the cracker. This may tell you who made said pdf and provide a bit of leverage in the meantime. And what streaker said.
    <EeePc 1000HA BT4/W7 USB boot Alfa500 GPS BlueTooth>

  7. #7
    Junior Member
    Join Date
    Mar 2006
    Posts
    34

    Default

    Who and why deleted my post?

  8. #8
    Just burned his ISO
    Join Date
    Feb 2009
    Posts
    1

    Default

    Most security is stored in the first page of a pdf. get a third party pdf editing tool, i use the older version of pdf995 edit, open the pdf, save the 2nd page thru end in one document, then save pages 1 thru 1 on the other, merge them back together voila. i cant remember if this works with passwords also, but its worth a try.

  9. #9
    Super Moderator Archangel-Amael's Avatar
    Join Date
    Jan 2010
    Location
    Somewhere
    Posts
    8,012

    Default

    Quote Originally Posted by SephStorm View Post
    Theoreticly. Concider the remote but possible senario of blackmail, or anouther nefarious purpose.
    Generally speaking it is hard to black mail someone who has done nothing wrong. Like streaker69 said use the proper channels to have the issue resolved. I am sure the labor dept, could be of help if the company is not.
    Not to mention if there is a union then they could also be of help.
    To be successful here you should read all of the following.
    ForumRules
    ForumFAQ
    If you are new to Back|Track
    Back|Track Wiki
    Failure to do so will probably get your threads deleted or worse.

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •