(09-01-2024, 06:17 AM)GranolaClover15 Wrote: Hello! New here!, I lost my password for my dream journal Onenote Protected Section, I do remember though I used dumb common password.
I extracted to what seems like sections of what look like hash of the section but I don't know how to format it into format that hashcat can use can someone helped me format these? Thanks!
Code:<encryption xmlns="http://schemas.microsoft.com/office/2006/encryption" xmlns:p="http://schemas.microsoft.com/office/2006/keyEncryptor/password" xmlns:c="http://schemas.microsoft.com/office/2006/keyEncryptor/certificate"><keyData saltSize="16" blockSize="16" keyBits="256" hashSize="64" cipherAlgorithm="AES" cipherChaining="ChainingModeCBC" hashAlgorithm="SHA512" saltValue="q/1sFWbCyoiitwts/9q4UQ==" /><keyEncryptors><keyEncryptor uri="http://schemas.microsoft.com/office/2006/keyEncryptor/password"><p:encryptedKey spinCount="100000" saltSize="16" blockSize="16" keyBits="256" hashSize="64" cipherAlgorithm="AES" cipherChaining="ChainingModeCBC" hashAlgorithm="SHA512" saltValue="L7V4zQP7/eAXYSSSPIE6+A==" encryptedVerifierHashInput="msZT/YGku6DRSO5kgZ/N8w==" encryptedVerifierHashValue="D5wx0qRR7Qb579D8TmVnKjk+3hfIEDfIq6lVZgZqpypNYgRE9JCXyj34zoSvNZEK/9gnLQC2rbpxl1eTAW9xwQ==" encryptedKeyValue="kat0pRF/fTqKt9rF+gK9AAYDVf9K5Tv+DT/t6FwnkOs=" /></keyEncryptor></keyEncryptors></encryption>
Code:<encryption xmlns="http://schemas.microsoft.com/office/2006/encryption" xmlns:p="http://schemas.microsoft.com/office/2006/keyEncryptor/password" xmlns:c="http://schemas.microsoft.com/office/2006/keyEncryptor/certificate"><keyData saltSize="16" blockSize="16" keyBits="256" hashSize="64" cipherAlgorithm="AES" cipherChaining="ChainingModeCBC" hashAlgorithm="SHA512" saltValue="q/1sFWbCyoiitwts/9q4UQ==" /><keyEncryptors><keyEncryptor uri="http://schemas.microsoft.com/office/2006/keyEncryptor/password"><p:encryptedKey spinCount="100000" saltSize="16" blockSize="16" keyBits="256" hashSize="64" cipherAlgorithm="AES" cipherChaining="ChainingModeCBC" hashAlgorithm="SHA512" saltValue="L7V4zQP7/eAXYSSSPIE6+A==" encryptedVerifierHashInput="msZT/YGku6DRSO5kgZ/N8w==" encryptedVerifierHashValue="D5wx0qRR7Qb579D8TmVnKjk+3hfIEDfIq6lVZgZqpypNYgRE9JCXyj34zoSvNZEK/9gnLQC2rbpxl1eTAW9xwQ==" encryptedKeyValue="kat0pRF/fTqKt9rF+gK9AAYDVf9K5Tv+DT/t6FwnkOs=" /></keyEncryptor></keyEncryptors></encryption>
just take a look at john the ripper (jtr) and its tools, in this case office2john (python or exe, sometimes there are boot variants, depending on your system)
jtr and hashcat using the same hashstyle conventions, so they are basically full compatible, jtr sometime adds more infos which are unnecessary, just take a look at https://hashcat.net/wiki/doku.php?id=example_hashes to see what infos are needed
most times jtr adds filenames at the end or beginning, just strip these infos