What rules for this possible password?
#1
Hello guys,

So I have this old Word 2003 file that I forgot the password of.

The 2 good news are:
  • My RTX 2070 can try more than 200 million passwords per second on the hash
  • I remember more or less how I composed the password, and if I can set up the correct rules, the number of combinations to try is not so high

The 2 bad news are:
  • I know the password is very long
  • The possible combinations are a bit complex, and I don't know how to set up the rules in hashcat

It's for the last point that I could really use your help, guys.

I know the password is probably a combination of 2 words among 4, let's say:
  • Apple
  • Orange
  • Carrot
  • Peach

Each of those words probably starts with a capital letter, but maybe not.

And:
  • A few numbers, probably put at the end, like 31444 or 45333
  • A special character, like _, probably put at the beginning and the end, but also possibly between the words

Now the 1 million $ question: how do you set up an attack that smartly manages these parameters to make it feasible to recover the password?
#2
This should help...

https://hashcat.net/forum/thread-3665-post-20935.html

Using this method, you don't even have to use the actual password to open the file.
#3
(09-11-2022, 12:57 PM)walterlacka Wrote: This should help...

https://hashcat.net/forum/thread-3665-post-20935.html

Using this method, you don't even have to use the actual password to open the file.

Thanks for the suggestion! Unfortunately I tried the first step and it didn't work:

Quote:hashcat -m 9800 hash -a 3 ?b?b?b?b?b -w 3 --potfile-disable
hashcat (v6.2.6) starting

* Device #1: WARNING! Kernel exec timeout is not disabled.
            This may cause "CL_OUT_OF_RESOURCES" or related errors.
            To disable the timeout, see: https://hashcat.net/q/timeoutpatch
* Device #2: WARNING! Kernel exec timeout is not disabled.
            This may cause "CL_OUT_OF_RESOURCES" or related errors.
            To disable the timeout, see: https://hashcat.net/q/timeoutpatch
nvmlDeviceGetFanSpeed(): Not Supported

CUDA API (CUDA 11.7)
====================
* Device #1: NVIDIA GeForce RTX 2070 with Max-Q Design, 7173/8191 MB, 36MCU

OpenCL API (OpenCL 3.0 CUDA 11.7.101) - Platform #1 [NVIDIA Corporation]
========================================================================
* Device #2: NVIDIA GeForce RTX 2070 with Max-Q Design, skipped

OpenCL API (OpenCL 2.1 ) - Platform #2 [Intel(R) Corporation]
=============================================================
* Device #3: Intel(R) UHD Graphics, 3200/6466 MB (1616 MB allocatable), 24MCU

OpenCL API (OpenCL 2.1 WINDOWS) - Platform #3 [Intel(R) Corporation]
====================================================================
* Device #4: Intel(R) Core(TM) i7-10750H CPU @ 2.60GHz, skipped

./OpenCL/m09800_a3-optimized.cl: Pure kernel not found, falling back to optimized kernel
Minimum password length supported by kernel: 0
Maximum password length supported by kernel: 15

Hashes: 1 digests; 1 unique digests, 1 unique salts
Bitmaps: 16 bits, 65536 entries, 0x0000ffff mask, 262144 bytes, 5/13 rotates

Optimizers applied:
* Optimized-Kernel
* Zero-Byte
* Precompute-Init
* Not-Iterated
* Single-Hash
* Single-Salt
* Brute-Force

Watchdog: Temperature abort trigger set to 90c

Host memory required for this attack: 368 MB

Approaching final keyspace - workload adjusted.

Session..........: hashcat
Status...........: Exhausted
Hash.Mode........: 9800 (MS Office <= 2003 $3/$4, SHA1 + RC4)
Hash.Target......: $oldoffice$4*cdb996d69ab55b698d9733d7ad79efbe*6390e...656486
Time.Started.....: Sun Sep 11 15:49:12 2022 (50 mins, 29 secs)
Time.Estimated...: Sun Sep 11 16:39:41 2022 (0 secs)
Kernel.Feature...: Optimized Kernel
Guess.Mask.......: ?b?b?b?b?b [5]
Guess.Queue......: 1/1 (100.00%)
Speed.#1.........:  355.8 MH/s (100.44ms) @ Accel:256 Loops:128 Thr:32 Vec:1
Speed.#3.........:  5239.5 kH/s (73.51ms) @ Accel:16 Loops:128 Thr:8 Vec:4
Speed.#*.........:  361.0 MH/s
Recovered........: 0/1 (0.00%) Digests (total), 0/1 (0.00%) Digests (new)
Progress.........: 1099511627776/1099511627776 (100.00%)
Rejected.........: 0/1099511627776 (0.00%)
Restore.Point....: 4294861824/4294967296 (100.00%)
Restore.Sub.#1...: Salt:0 Amplifier:128-256 Iteration:0-128
Restore.Sub.#3...: Salt:0 Amplifier:128-256 Iteration:0-128
Candidate.Engine.: Device Generator
Candidates.#1....: $HEX[cd22cfffff] -> $HEX[ffffffffff]
Candidates.#3....: $HEX[cd6e58feff] -> $HEX[ffff63feff]
Hardware.Mon.#1..: Temp: 85c Util:100% Core:1349MHz Mem:5495MHz Bus:8
Hardware.Mon.#3..: N/A

Started: Sun Sep 11 15:49:09 2022
Stopped: Sun Sep 11 16:39:42 2022

I first tried to crack the file with Advanced Office Password Recovery from ElcomSoft since they say they can crack a Word 2003 file in seconds no matter the password, but it doesn't work on my file.

AOPR says "This file is encrypted by a Cryptographic Service Provider (CSP).", so it seems that a stronger encryption than the standard of Word 2003 was used on this file.

(The file was created in 2005 and used a European version of Word 2003).

So I guess I can't use this option, and that I need to recover the original password.

So I'm back to my original question: does someone have an idea on what rule I can create?
#4
(Update: I guess the problem with the https://hashcat.net/forum/thread-3665-post-20935.html method is that it works for MD5 + RC4 Office 2003 documents (hash type 9700) while my document is SHA1 + RC4 (hash type 9800))
#5
So, is my problem too complicated to set up an attack?

Should I do 2 lists of the possible words with the different numbers and special characters, and ask hashcat to combine them for an attack ?
#6
This is how I would do it.. I used this method to recover my bitcoin wallet, I knew parts of the passwords that I used but couldn't remember in what order and a few other things..

grab yourself Prince Processor: https://github.com/hashcat/princeprocessor

We are going to use Prince to generate all our combinations and feed them into Hashcat..

This is my example that worked..

pp64.exe --elem-cnt-min=2 --elem-cnt-max=8 --pw-min=8 --pw-max=18 < wordlist.txt | hashcat.exe -a 0  -m 11300 -w 4  -O --status --status-timer=5 -o "c:\temp\FOUNDPASSWORD.txt" --outfile-format=3 "C:\temp\YOUR-Hash-File.txt"

wordlist.txt (all the parts of the password, include case sensitive ones as well, or even parts of it)

orange
Orange
Apple
apple
Pear
pear
_
_
31444
45333

--elem-cnt-min=4 --elem-cnt-max=8

min=4 means it will combine 4 of those words to produce a result and max of 8 combinations..

OrangeApple_31444 (4 combos)
OrangeOrangeOrangeAppleApple (5 combos)

it will try every permutation, the smaller the list and the lower the MAX value the quicker it will run through every combination. If it gets too large then it will take forever and a day..

You can also combine RULES, Case or UPPER all words, toggles, duplicate, reverse, insert specific characters, whatever you want..

eg:

pp64.exe --elem-cnt-min=2 --elem-cnt-max=8 --pw-min=8 --pw-max=18 < wordlist.txt | hashcat.exe -a 0  -m 11300 -w 4  -O --status --status-timer=5 -o "c:\temp\FOUNDPASSWORD.txt" --outfile-format=3 -r "c:\temp\customRULES.rule" "C:\temp\YOUR-Hash-File.txt"

depending on your OS you might not need to use the " ".. I'm on Windoze
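Before generating anything with PRINCE (post #6) it is worth sizing the keyspace that the structure in post #1 actually describes. The following is an added example, not code from this thread, from hashcat or from princeprocessor. It assumes exactly what post #1 states: an ordered pair of two distinct words out of the four listed, each word either capitalised or lower-case, "_" optionally at the start, between the words and at the end, and one of the two remembered digit groups as a suffix; the 200 MH/s figure is the one quoted in post #1. It also reports the longest candidate, because the output posted in #3 shows the optimized 9800 kernel accepting at most 15 characters, so a structure like this one needs checking against that limit before any run.

```python
"""Keyspace estimate for the structured password described in post #1 (added example)."""
import itertools
from typing import Dict, Iterator, List

# Constructed inputs mirroring post #1: four candidate words, the two
# remembered digit groups, and '_' as the only special character.
WORDS = ["Apple", "Orange", "Carrot", "Peach"]
NUMBERS = ["31444", "45333"]
SEPARATOR = "_"

# Limit printed by the optimized -m 9800 kernel in the output posted in #3.
MAX_OPTIMIZED_KERNEL_LEN = 15


def candidates(words: List[str] = WORDS,
               numbers: List[str] = NUMBERS,
               sep: str = SEPARATOR) -> Iterator[str]:
    """Yield every string matching the structure from post #1.

    Ordered pair of distinct words, each capitalised or lower-cased,
    optional separator before / between / after the words, one numeric
    suffix.  This is the same combination space that PRINCE would walk
    from a wordlist of the parts, written out explicitly so it can be sized.
    """
    for w1, w2 in itertools.permutations(words, 2):
        for c1, c2 in itertools.product((str.capitalize, str.lower), repeat=2):
            for lead, mid, tail in itertools.product((False, True), repeat=3):
                for num in numbers:
                    yield ((sep if lead else "") + c1(w1)
                           + (sep if mid else "") + c2(w2)
                           + (sep if tail else "") + num)


def closed_form_count(n_words: int, n_numbers: int) -> int:
    """Same count without enumerating: ordered distinct pairs x 2 case choices
    per word x 8 separator placements x number of suffixes."""
    return n_words * (n_words - 1) * (2 * 2) * (2 ** 3) * n_numbers


def keyspace_report(rate_per_sec: float = 200e6) -> Dict[str, object]:
    """Size the keyspace, the time to exhaust it at the quoted speed, and
    whether the longest candidate exceeds the optimized-kernel limit."""
    cands = list(candidates())
    size = len(cands)
    # Cross-check the enumeration against the closed form.
    assert size == closed_form_count(len(WORDS), len(NUMBERS))
    longest = max(cands, key=len)
    return {
        "size": size,
        "seconds_at_rate": size / rate_per_sec,
        "longest": longest,
        "max_len": len(longest),
        "exceeds_optimized_kernel_limit": len(longest) > MAX_OPTIMIZED_KERNEL_LEN,
    }


if __name__ == "__main__":
    report = keyspace_report()
    print(f"candidates: {report['size']}")
    print(f"time at 200 MH/s: {report['seconds_at_rate']:.2e} s")
    print(f"longest candidate: {report['longest']} ({report['max_len']} chars)")
    if report["exceeds_optimized_kernel_limit"]:
        print(f"longest candidate exceeds the {MAX_OPTIMIZED_KERNEL_LEN}-char optimized kernel limit")
```

The point the numbers make is that "very long" and "hard to guess" are different things: with the composition rules known, the whole space is a few hundred strings, far below one second of work at the quoted rate, and the only real obstacle is the kernel's length limit rather than the guessing itself. To widen the model (a third word, a separator other than "_", digits in more than one position) change the constructed inputs or add another loop; the closed-form check will then need the matching factor.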
#7
Thanks IamYourLeader, I will try that.
#8
(09-11-2022, 03:12 PM)lionbladerunner Wrote: (Update : I guess the problem with the https://hashcat.net/forum/thread-3665-post-20935.html method is that it works for MD5 + RC4 Office 2003 documents (hash type 9700) while my document is SHA1 + RC4 (hash type 9800) )

An update on this: after carefully reading the whole post https://hashcat.net/forum/thread-3665-post-20935.html, the method of colliding the passwords DOES work with SHA1 + RC4, but only if the RC4 key is 40 bits long.

That is the case for $oldoffice$1, $oldoffice$2 and $oldoffice$3, but not $oldoffice$4 (the type of my document), which uses a 128-bit key.
#9
Many thanks; this will work. I was just wondering whether there were any parsing options in hashcat that I was simply overlooking or if we had to do it ourselves. 