[email protected]

+1 (512) 588 6950

Easy steps to Crack Password Protected Microsoft Office File

Home/Easy steps to Crack Password P...

Easy steps to Crack Password Protected Microsoft Office Files -Word Docs & Excel Spreadsheets

Easy steps to Crack Password Protected Microsoft Office File

Step 1: Install Office2John

~# wget https://raw.githubusercontent.com/magnumripper/JohnTheRipper/bleeding-jumbo/run/office2john.py --2019-02-05 14:34:45-- https://raw.githubusercontent.com/magnumripper/JohnTheRipper/bleeding-jumbo/run/office2john.py Resolving raw.githubusercontent.com (raw.githubusercontent.com)... 151.101.148.133 Connecting to raw.githubusercontent.com (raw.githubusercontent.com)|151.101.148.133|:443... connected. HTTP request sent, awaiting response... 200 OK Length: 131690 (129K) [text/plain] Saving to: 'office2john.py' office2john.py 100%[=======================================================================>] 128.60K --.-KB/s in 0.09s 2019-02-05 14:34:46 (1.45 MB/s) - 'office2john.py' saved [131690/131690]

Step 2: Make Sure Everything’s in the Same Directory

Step 3: Extract the Hash with Office2john

~# python office2john.py dummy.docx > hash.txt
~# cat hash.txt dummy.docx:$office$*2007*20*128*16*a7c7a4eadc2d90fb22c073c6324b6b49*abc5f80409f5f96f97e184e44aacd0b7*930b0c48a7eb5e13a57af4f3030b48e9402b6870

Step 4: Crack the Hash You Just Saved

Option 1: Cracking with John

~# john --wordlist=/usr/share/wordlists/nmap.lst hash.txt Using default input encoding: UTF-8 Loaded 1 password hash (Office, 2007/2010/2013 [SHA1 128/128 SSE2 4x / SHA512 128/128 SSE2 2x AES]) Cost 1 (MS Office version) is 2007 for all loaded hashes Cost 2 (iteration count) is 50000 for all loaded hashes Will run 4 OpenMP threads Press 'q' or Ctrl-C to abort, almost any other key for status
password123 (dummy.docx) 1g 0:00:00:03 DONE (2019-02-05 15:00) 0.2824g/s 415.8p/s 415.8c/s 415.8C/s lacoste..cooldude Use the "--show" option to display all of the cracked passwords reliably Session completed
~# john --show hash.txt dummy.docx:password123 1 password hash cracked, 0 left

Option 2: Cracking with Hashcat

~# hashcat --help
9700 | MS Office <= 2003 $0/$1, MD5 + RC4 | Documents 9710 | MS Office <= 2003 $0/$1, MD5 + RC4, collider #1 | Documents 9720 | MS Office <= 2003 $0/$1, MD5 + RC4, collider #2 | Documents 9800 | MS Office <= 2003 $3/$4, SHA1 + RC4 | Documents 9810 | MS Office <= 2003 $3, SHA1 + RC4, collider #1 | Documents 9820 | MS Office <= 2003 $3, SHA1 + RC4, collider #2 | Documents 9400 | MS Office 2007 | Documents 9500 | MS Office 2010 | Documents 9600 | MS Office 2013 | Documents
~# hashcat -a 0 -m 9400 --username -o cracked_pass.txt hash.txt /usr/share/wordlists/nmap.lst
  • The -a flag sets the attack type as the default straight mode of 0.
  • The -m flag specifies the mode we want to use, which we just found.
  • The — username option ignores any usernames in the hash file.
  • We can specify the output file as cracked.txt with the -o flag.
  • And finally, we can pass in hash.txt which contains the hash, and set a word list just like we did earlier.
hashcat (v5.1.0) starting... * Device #2: Not a native Intel OpenCL runtime. Expect massive speed loss. You can use --force to override, but do not report related errors. OpenCL Platform #1: Intel(R) Corporation ======================================== * Device #1: Intel(R) Core(TM) i5 CPU M 480 @ 2.67GHz, 934/3736 MB allocatable, 4MCU ...
Session..........: hashcat Status...........: Cracked Hash.Type........: MS Office 2007 Hash.Target......: $office$*2007*20*128*16*a7c7a4eadc2d90fb22c073c6324...2b6870 Time.Started.....: Tue Feb 5 15:08:00 2019 (4 secs) Time.Estimated...: Tue Feb 5 15:08:04 2019 (0 secs) Guess.Base.......: File (/usr/share/wordlists/nmap.lst) Guess.Queue......: 1/1 (100.00%) Speed.#1.........: 610 H/s (8.51ms) @ Accel:512 Loops:128 Thr:1 Vec:4 Recovered........: 1/1 (100.00%) Digests, 1/1 (100.00%) Salts Progress.........: 2048/5084 (40.28%) Rejected.........: 0/2048 (0.00%) Restore.Point....: 0/5084 (0.00%) Restore.Sub.#1...: Salt:0 Amplifier:0-1 Iteration:49920-50000 Candidates.#1....: #!comment: ***********************IMPORTANT NMAP LICENSE TERMS************************ -> Princess Started: Tue Feb 5 15:07:50 2019 Stopped: Tue Feb 5 15:08:05 2019
~# cat cracked_pass.txt $office$*2007*20*128*16*a7c7a4eadc2d90fb22c073c6324b6b49*abc5f80409f5f96f97e184e44aacd0b7*930b0c48a7eb5e13a57af4f3030b48e9402b6870:password123

How to Defend Against Cracking

Wrapping Up

Leave a Reply

error: Content is protected !!