Posts: 101
Threads: 34
Joined: Oct 2014
I am attempting to crack an Excel sheet protection password (**Not file encryption on open).
Here is what I have done so far.
Renamed the file.xlsx to file.zip. I then open the zip and browse to the file sheet1. The contents of the file are as follows (masked, of course).
sheetProtection algorithmName="SHA-512" hashValue="iE1y5m8c********************ql1scF7sAK8itsCDyRxGIxwwf5mX0VOa368v2HdtvWq/Pl3b7LA20dZ4Jg==" saltValue="X4y+**********mOqd4Ftg=="
I am at a loss now as to how to crack the hash. I have tried a few things, but I obviously need help
.
Thank You.
Posts: 165
Threads: 5
Joined: Mar 2018
https://hashcat.net/wiki/doku.php?id=example_hashes
Make sure that your hash is formed liked the example one (-m 25300), and you should be fine.
Posts: 890
Threads: 15
Joined: Sep 2017
07-12-2023, 01:57 PM
(This post was last modified: 07-12-2023, 02:01 PM by Snoopy.)
TL;DR; see answer with stackoverflow for simple worksheet protection
depending on the kind of protection (workbook, sheet, on open and so on) and excel version used, there is/was a macro out there for bruteforcing simple passes if you are able to open the excel-file normally and have access to the VBA developer options (alt+f11) google is your friend
but be aware im quite sure, that the last excelversion for "attacking" is Excel 2010 as afterwards these vba attack was blocked internally by microsoft, so you have to open the file with an older version of excel for running the attack
but never the less, please also see this answer by Alexander Don'valderath, when its just plain sheet protection, its enough to delete the corresponding XML node inside the worksheet, this answer still works even on LTS Office 2016
https://stackoverflow.com/questions/1995...d-with-vba
Posts: 101
Threads: 34
Joined: Oct 2014
Thank you both for the responses.
@Snoopy I have already successfully edited the XML file to gain access. I was curious if I could crack the actual password.
@Banaanhangwagen, 25300 doesn't work. I have tried it with and without the salt added. Hashcat gives me a separator unmatched error.
Any other suggestions?
Posts: 890
Threads: 15
Joined: Sep 2017
(07-12-2023, 05:08 PM)slawson Wrote: Thank you both for the responses.
@Snoopy I have already successfully edited the XML file to gain access. I was curious if I could crack the actual password.
@Banaanhangwagen, 25300 doesn't work. I have tried it with and without the salt added. Hashcat gives me a separator unmatched error.
Any other suggestions?
is has to work (tried it right now myself), separator unmatched just tells, that the hashstring is malformed and you made a mistake while preparing the hashstring
just take the example ( its not forbidden to post them ^^)
Code:
$office$2016$0$100000$876MLoKTq42+/DLp415iZQ==$TNDvpvYyvlSUy97UOLKNhXynhUDDA7H8kLql0ISH5SxcP6hbthdjaTo4Z3/MU0dcR2SAd+AduYb3TB5CLZ8+ow==
and replace these parts with the data from your file, inside the brackets and dont delete the $ as these are the separators
Code:
$office$2016$0$100000$[saltValue]$[hashValue]
Posts: 101
Threads: 34
Joined: Oct 2014
Bingo. Thank you very much. In my ignorance, I was was putting the hash before the salt and using a : as the separator.
Quick Question. Is there a rule of thumb of when to use : as the separator versus $ or *?
Posts: 890
Threads: 15
Joined: Sep 2017
INPUT $HASH$ -> hashtyp and hashdata for cracking always seperated by $
INPUT USERNAME:$HASH$ -> username and hash seperated by :
OUTPUT (Potfile) HASH
ASSWORD also seperated by :
these are the defaults