Obtain a Hash from a Excel 2007 file
#1
Hi there, According to the Microsoft whitepaper the following specs are defined for the Excel password security encryption:

Key derivation is performed using 50,000 iterations[source] of SHA-1 (increased to 100k in SP2).
Uses a 16-byte (128-bit) random salt.
AES is the block cipher used to encrypt the document.
By default, 128-bit key are used. There is a registry tweak to change this to 256-bit.
The AES block cipher is implemented in Microsoft's CSP / CryptoAPI.

This info give me a good point to crack a Excel password, but... I don't find any information or documentation to get the hash from an Excel file.

Anyone knows how get it?

Thanks in advance and sorry for my english Wink

Byebye!
#2
See https://github.com/magnumripper/JohnTheR...ce2john.py
#3
Works fine! Smile (So I think although I have not checked it)
This is the output for my test-Excel: excel-test.xlsx:$office$*2007*20*128*16*93da6e1d346c793d821daf7877d440ff*fdad25c4a27cb26816602397a55e0755*decc89fa6d72b495cac8ced2e66dfca26d4b44111d1def88becd82b749fca647

I don't understand yet de format of this string, but I will investigate this Smile
#4
Good morning from Spain Smile

I successfully pass the hash obtained from chain obtained from "https://github.com/magnumripper/JohnTheR...ce2john.py" to John the Ripper, was very easily invoking Jhon with this chain directly.

Can anyone help me to pass this Hash to Hashcat? I think, this Hash is splitted in 3 chains, according the documentation White Paper, because the password is too long..

Thanks in advance Smile
#5
hashcat does not support this algorithm. and office2john.py is specific to john the ripper, hence the script's name.
#6
(05-20-2013, 09:32 AM)epixoip Wrote: hashcat does not support this algorithm. and office2john.py is specific to john the ripper, hence the script's name.

Hi, in the documentation figures that this algorithm is SHA1, concretly salt+SHA1. For this reason I trying/playing to do it with Hashcat.

Maybe I'm wrong... Wink
#7
(05-20-2013, 09:37 AM)taratota Wrote: Maybe I'm wrong... Wink

yes, you're wrong. it's not near as simple as you think it is.
#8
(05-20-2013, 01:58 PM)epixoip Wrote:
(05-20-2013, 09:37 AM)taratota Wrote: Maybe I'm wrong... Wink

yes, you're wrong. it's not near as simple as you think it is.

Thanks! I invistigate this, bye! Smile
#9
(05-20-2013, 09:37 AM)taratota Wrote:
(05-20-2013, 09:32 AM)epixoip Wrote: hashcat does not support this algorithm. and office2john.py is specific to john the ripper, hence the script's name.

Hi, in the documentation figures that this algorithm is SHA1, concretly salt+SHA1. For this reason I trying/playing to do it with Hashcat.

Maybe I'm wrong... Wink

You're not far off. The hashcat format should look like:
$office$*2007*20*128*16*411a51284e0d0200b131a8949aaaa5cc*117d532441c63968bee7647d9b7df7d6*df1d601ccf905b375575108f42ef838fb88e1cde

So you only need to slightly adjust the office2john output by removing the filename from the front. The hashcat mode you want is 9400 for office 2007, 9500 for 2010, 9600 for 2013.
#10
Silence, necromancer!