hashcat Forum Support hashcat v
Password for MS Word

Threaded Mode
Password for MS Word
DCRookie Offline
Junior Member
**
Posts: 2
Threads: 1
Joined: Aug 2021
#1
08-31-2021, 03:41 AM
Hi. I am trying to crack a MS Word 2010 which seems to have AES encryption with two hash and two salt values. Any suggestions as to how to go about cracking the password using hashcat?

Thanks
Find
Reply
Banaanhangwagen Online
Member
***
Posts: 157
Threads: 5
Joined: Mar 2018
#2
08-31-2021, 10:15 AM
- use for example this Python-script to recover the hash
- check the output with https://hashcat.net/wiki/doku.php?id=example_hashes in order to determine the correct mode
- start cracking

Literally the first hit on Google when typing "office crack hashcat" gives you a more detailed how-to.
Find
Reply
DCRookie Offline
Junior Member
**
Posts: 2
Threads: 1
Joined: Aug 2021
#3
08-31-2021, 03:47 PM
Thank you. I did recover the hash and tried to crack with merged.txt and rockyou.txt with code 9500 for office 2010. It didn't work.

I got this info through 7z. Any idea how to plug this in into hashcat?

"<encryption xmlns="http://schemas.microsoft.com/office/2006/encryption" xmlns:p="http://schemas.microsoft.com/office/2006/keyEncryptor/password"><keyData saltSize="16" blockSize="16" keyBits="128" hashSize="20" cipherAlgorithm="AES" cipherChaining="ChainingModeCBC" hashAlgorithm="SHA1" saltValue="mBpBa0/xc+Ne9NmlqOPEbw=="/><dataIntegrity encryptedHmacKey="HUrn5QfXfWAUHwF7gV8V2Gi4B0NhgUJ9TT3l0F1CYnk=" encryptedHmacValue="YM6uHfILRzUazgcZl+o9w6q+gbLKIiLkNzgMA6cKonw="/><keyEncryptors><keyEncryptor uri="http://schemas.microsoft.com/office/2006/keyEncryptor/password"><p:encryptedKey spinCount="100000" saltSize="16" blockSize="16" keyBits="128" hashSize="20" cipherAlgorithm="AES" cipherChaining="ChainingModeCBC" hashAlgorithm="SHA1" saltValue="G3zscs0TucKtP2kMuY+CtA==" encryptedVerifierHashInput="g2QBm8nfS7PF0jBy8jbeSA==" encryptedVerifierHashValue="XpOSz0uQGZ91blr4nb3qdgaffbiFkqnechVO8+O38iI=" encryptedKeyValue="8IgrrhOtHASYziu/j8ez9g=="/></keyEncryptor></keyEncryptors></encryption>"

Thanks again

(08-31-2021, 10:15 AM)Karamba Wrote: - use for example this Python-script to recover the hash
- check the output with https://hashcat.net/wiki/doku.php?id=example_hashes in order to determine the correct mode
- start cracking

Literally the first hit on Google when typing "office crack hashcat" gives you a more detailed how-to.
Find
Reply
Banaanhangwagen Online
Member
***
Posts: 157
Threads: 5
Joined: Mar 2018
#4
08-31-2021, 04:21 PM
You need to give the extracted hash as input in Hashcat, nothing more nothing less.
You say "it didn't work". What do you mean exactly? What command did you type? Was there an error?

Finally, no need to investigate the .docx itself, the script did it for you.
Find
Reply