hashcat Forum
Excel SHA512 salts and hashes - Printable Version

+- hashcat Forum (https://hashcat.net/forum)
+-- Forum: Support (https://hashcat.net/forum/forum-3.html)
+--- Forum: hashcat (https://hashcat.net/forum/forum-45.html)
+--- Thread: Excel SHA512 salts and hashes (/thread-6799.html)



Excel SHA512 salts and hashes - Jim__code - 08-18-2017

I am working on an Excel salted SHA512 hash but I am stumped (which isn't a surprise since I am a total noob at this). When I look at the hash examples a salted SHA512 hash should either be given as type 1710 ($hash:$salt) 128 hex characters:10 numericals or as type 1720 ($salt:$hash) 128 hex characters:10 numericals for hashcat to work. This creates two questions:

1. Why is the format identical for the both variants? Shouldn't type 1720 have a shorter numerical salt followed by a longer hex hash for the password? I.e 10 numericals:128 hex characters?

2. And does anybody here know how Excel's salting algorithm work? The salt is given (I extracted it the traditional way via ziping) as a 18 character long base64 string. I tried transforming it to hex, but that gave me a 32 hex character string that I cant get hashcat to accept. 

And another question, the xml-file from excell also contains the words spinCount="100000". Does this in fact mean that Excel did 100 000 iterations of the SHA512 hashes? Is there anything I can or should do in the command promt because of this? The (known) password I am trying to crack is only three lowercase letters so it should still be doable, right?

I am not actually a coder so if you formulate your answer as you would to a complete idiot (a picture I think you will have no problem holding in your head ;) it would be highly appreciated :)


RE: Excel SHA512 salts and hashes - undeath - 08-19-2017

have a look at mode 9400/9500/9600

In most cases you cannot simply use the generic implementations to crack something of which you merely know what underlying hashing function is used.

To extract the necessary info from your document use https://github.com/magnumripper/JohnTheRipper/blob/unstable-jumbo/run/office2john.py


RE: Excel SHA512 salts and hashes - Jim__code - 08-19-2017

(08-19-2017, 11:01 AM)undeath Wrote: have a look at mode 9400/9500/9600

In most cases you cannot simply use the generic implementations to crack something of which you merely know what underlying hashing function is used.

To extract the necessary info from your document use https://github.com/magnumripper/JohnTheRipper/blob/unstable-jumbo/run/office2john.py


Thanks for the answer, but aren't those modes meant for when the entire file is password protected? I believe that protection is different from the simple salted hash protection that I am working with now. 

My plan for the current attack is to basically generate a specific dictionary (or use a mask, haven't decided yet) with all the possible combinations of salt+hash, i.e. known salt:?l?l?l (my example password is jim), which should be quite a limited number of possibilities if I can only figure out what hash has actually been used, and how to put it in my hash-file in such a way that hashcat recognizes it.

Does that sound feasible, or have I misunderstood something basic here?


RE: Excel SHA512 salts and hashes - MrMeeseeks - 08-21-2017

This reply is a bit late, i never posted it. but:

1. They are not identical. -m 1710 is 128:10 and -m 1720 is 128:13. You are, however, using the incorrect hashcat mode. You should be using mode 9600. SHA512 was first utilized in Office 2013 according to my source. https://en.wikipedia.org/wiki/Microsoft_Office_password_protection
"Office 2013 uses 128-bit AES, however hash algorithm has been updated to SHA-2 class, and it is SHA-512 by default."
You can see earlier version are using sha-1 class algorithms, as well as md5.
2. It does not give you a salt either, what you are obtaining is the KDF for the 128-bit AES that you have to step through to start initialization, which is why it is so slow. Also this is not a static variable. If you made an exact copy of your spreadsheet and password protect it with the same password you will get a different KDF value.

All of this is irrelevant to you though. You do not need to get anything other than the extracted string, from the proper tool which i have give you information about below.

3. Yes, According to https://msdn.microsoft.com/en-us/library/documentformat.openxml.spreadsheet.protectedrange.spincount(v=office.14).aspx - "Iterations to Run Hashing Algorithm.Represents the attribute in schema: spinCount"

What you should be doing is using office2john.py (which is obtained from JtR's github).
Example (using hashcat as my password)
Code:
$ ./o2j.py hashcat_password.xlsx
hashcat_password.xlsx:$office$*2013*100000*256*16*331c08dcd32601d2xxxxxxxxxxxx8fe7*2e1xxxxxxxxxxxx7e866bd6262c3ba4c*bc6bccc7d215a5824xxxxxxxxxxxx2947fc59a4e19c46a107df91b57be1349e2