06-22-2016, 08:28 PM
first u need to get the hash of the DOC file
u can do it with office2john
here the script https://raw.githubusercontent.com/magnum...ce2john.py
after that u got the hash of ur doc file u need to select what kind of attack u want to use, their is 9 atacks on office docs
9700 = MS Office <= 2003 MD5 + RC4, oldoffice$0, oldoffice$1
9710 = MS Office <= 2003 MD5 + RC4, collider-mode #1
9720 = MS Office <= 2003 MD5 + RC4, collider-mode #2
9800 = MS Office <= 2003 SHA1 + RC4, oldoffice$3, oldoffice$4
9810 = MS Office <= 2003 SHA1 + RC4, collider-mode #1
9820 = MS Office <= 2003 SHA1 + RC4, collider-mode #2
9400 = MS Office 2007
9500 = MS Office 2010
9600 = MS Office 2013
if ur doc file is from an office 2007 ur hash should start with $office$*2007*
put ur hash into a file
and start cracking the hash
cudahashcat64.exe -m 9400 -a 3 ?l?l?l?l C:\hashfile.txt -o C:\crackedoutputfile.txt
-m is for type of attack (9400 for office2007)
-a how do u want to crack the hash (3 is bruteforce mode)
?l mean low characters, u could change it as ?a?a?a?a (?a is all, >u is upper case, and so on..)
u should read abit , everything is there https://hashcat.net/wiki/
u can do it with office2john
here the script https://raw.githubusercontent.com/magnum...ce2john.py
after that u got the hash of ur doc file u need to select what kind of attack u want to use, their is 9 atacks on office docs
9700 = MS Office <= 2003 MD5 + RC4, oldoffice$0, oldoffice$1
9710 = MS Office <= 2003 MD5 + RC4, collider-mode #1
9720 = MS Office <= 2003 MD5 + RC4, collider-mode #2
9800 = MS Office <= 2003 SHA1 + RC4, oldoffice$3, oldoffice$4
9810 = MS Office <= 2003 SHA1 + RC4, collider-mode #1
9820 = MS Office <= 2003 SHA1 + RC4, collider-mode #2
9400 = MS Office 2007
9500 = MS Office 2010
9600 = MS Office 2013
if ur doc file is from an office 2007 ur hash should start with $office$*2007*
put ur hash into a file
and start cracking the hash
cudahashcat64.exe -m 9400 -a 3 ?l?l?l?l C:\hashfile.txt -o C:\crackedoutputfile.txt
-m is for type of attack (9400 for office2007)
-a how do u want to crack the hash (3 is bruteforce mode)
?l mean low characters, u could change it as ?a?a?a?a (?a is all, >u is upper case, and so on..)
u should read abit , everything is there https://hashcat.net/wiki/