I am finally cracking it. It converted "hello.hash" from CRLF to LF, and UTF-16 LE to UTF-8. Now it's accepted by Hashcat 6.2.5 and I will tell you in about 25 minutes if it worked or not. I'm brute forcing it so it will take a bit of time, even for a 6 character password (but it's a more challenging hash value than MD5).
So to sum this all up:
1. Use a good script to get the hash.
2. The "office2hashcat" script doesn't work with all versions of Excel documents (the same may apply to other Office apps as well).
3. Make sure to use LF instead of CRLF in your hash file. You can easily avoid this by using Linux for hash extraction rather than Windows. (You may not be able to fully utilize your GPU without CUDA runtime if you're not running Windows, unless it's made available for Linux by Nvidia, and you may not have a choice but to use Windows if your GPU is installed in a Windows PC for the purpose of DirectX gaming. Take your pick.)
4. Make sure you don't use BOM in your hash file. This too can be easily avoided by using Linux when you pipe the output of the script to a new file.
5. There should be no "$HEX[blabla]" at the end of the hash string for an Excel 2007 document.
Update: Cracking it with brute force will take more time than I anticipated as it was not found within the first few rounds of candidates, and optimized kernel is not available.
Update 2: Password for Excel 2007 document is now cracked as well. Patience is a virtue.
Input:
Output:
Again, no "$HEX[blabla]" at the end in the output. Not for Excel 2007 and not for "Excel 97 - 2003" document. I think it's safe to say that something must have gone wrong during your hash extraction operation Andy.
So to sum this all up:
1. Use a good script to get the hash.
2. The "office2hashcat" script doesn't work with all versions of Excel documents (the same may apply to other Office apps as well).
3. Make sure to use LF instead of CRLF in your hash file. You can easily avoid this by using Linux for hash extraction rather than Windows. (You may not be able to fully utilize your GPU without CUDA runtime if you're not running Windows, unless it's made available for Linux by Nvidia, and you may not have a choice but to use Windows if your GPU is installed in a Windows PC for the purpose of DirectX gaming. Take your pick.)
4. Make sure you don't use BOM in your hash file. This too can be easily avoided by using Linux when you pipe the output of the script to a new file.
5. There should be no "$HEX[blabla]" at the end of the hash string for an Excel 2007 document.
Update: Cracking it with brute force will take more time than I anticipated as it was not found within the first few rounds of candidates, and optimized kernel is not available.
Update 2: Password for Excel 2007 document is now cracked as well. Patience is a virtue.
Input:
Code:
$office$*2007*20*128*16*bd72fadd630f6706d2265bb2670744d8*ffd55bec1246280becc69478087b5e45*19871af11d8ff42d730128763a13229cf67ee6e8
Output:
Code:
$office$*2007*20*128*16*bd72fadd630f6706d2265bb2670744d8*ffd55bec1246280becc69478087b5e45*19871af11d8ff42d730128763a13229cf67ee6e8:qwerty
Again, no "$HEX[blabla]" at the end in the output. Not for Excel 2007 and not for "Excel 97 - 2003" document. I think it's safe to say that something must have gone wrong during your hash extraction operation Andy.