Obtain a Hash from a Excel 2007 file - Printable Version +- hashcat Forum (https://hashcat.net/forum) +-- Forum: Misc (https://hashcat.net/forum/forum-15.html) +--- Forum: General Talk (https://hashcat.net/forum/forum-33.html) +--- Thread: Obtain a Hash from a Excel 2007 file (/thread-2308.html) |
Obtain a Hash from a Excel 2007 file - taratota - 05-19-2013 Hi there, According to the Microsoft whitepaper the following specs are defined for the Excel password security encryption: Key derivation is performed using 50,000 iterations[source] of SHA-1 (increased to 100k in SP2). Uses a 16-byte (128-bit) random salt. AES is the block cipher used to encrypt the document. By default, 128-bit key are used. There is a registry tweak to change this to 256-bit. The AES block cipher is implemented in Microsoft's CSP / CryptoAPI. This info give me a good point to crack a Excel password, but... I don't find any information or documentation to get the hash from an Excel file. Anyone knows how get it? Thanks in advance and sorry for my english Byebye! RE: Obtain a Hash from a Excel 2007 file - halfie - 05-19-2013 See https://github.com/magnumripper/JohnTheRipper/blob/unstable-jumbo/run/office2john.py RE: Obtain a Hash from a Excel 2007 file - taratota - 05-19-2013 Works fine! (So I think although I have not checked it) This is the output for my test-Excel: excel-test.xlsx:$office$*2007*20*128*16*93da6e1d346c793d821daf7877d440ff*fdad25c4a27cb26816602397a55e0755*decc89fa6d72b495cac8ced2e66dfca26d4b44111d1def88becd82b749fca647 I don't understand yet de format of this string, but I will investigate this RE: Obtain a Hash from a Excel 2007 file - taratota - 05-20-2013 Good morning from Spain I successfully pass the hash obtained from chain obtained from "https://github.com/magnumripper/JohnTheR...ce2john.py" to John the Ripper, was very easily invoking Jhon with this chain directly. Can anyone help me to pass this Hash to Hashcat? I think, this Hash is splitted in 3 chains, according the documentation White Paper, because the password is too long.. Thanks in advance RE: Obtain a Hash from a Excel 2007 file - epixoip - 05-20-2013 hashcat does not support this algorithm. and office2john.py is specific to john the ripper, hence the script's name. RE: Obtain a Hash from a Excel 2007 file - taratota - 05-20-2013 (05-20-2013, 09:32 AM)epixoip Wrote: hashcat does not support this algorithm. and office2john.py is specific to john the ripper, hence the script's name. Hi, in the documentation figures that this algorithm is SHA1, concretly salt+SHA1. For this reason I trying/playing to do it with Hashcat. Maybe I'm wrong... RE: Obtain a Hash from a Excel 2007 file - epixoip - 05-20-2013 (05-20-2013, 09:37 AM)taratota Wrote: Maybe I'm wrong... yes, you're wrong. it's not near as simple as you think it is. RE: Obtain a Hash from a Excel 2007 file - taratota - 05-20-2013 (05-20-2013, 01:58 PM)epixoip Wrote:(05-20-2013, 09:37 AM)taratota Wrote: Maybe I'm wrong... Thanks! I invistigate this, bye! RE: Obtain a Hash from a Excel 2007 file - achaeon - 10-24-2014 (05-20-2013, 09:37 AM)taratota Wrote:(05-20-2013, 09:32 AM)epixoip Wrote: hashcat does not support this algorithm. and office2john.py is specific to john the ripper, hence the script's name. You're not far off. The hashcat format should look like: $office$*2007*20*128*16*411a51284e0d0200b131a8949aaaa5cc*117d532441c63968bee7647d9b7df7d6*df1d601ccf905b375575108f42ef838fb88e1cde So you only need to slightly adjust the office2john output by removing the filename from the front. The hashcat mode you want is 9400 for office 2007, 9500 for 2010, 9600 for 2013. RE: Obtain a Hash from a Excel 2007 file - Rolf - 10-24-2014 Silence, necromancer! |