Excel crack with possible passwords
#1
Star 
Hi all,
for a relative I want to crack a password from an important Excel 2013 file.
Hash was extracted with John.

Relative gave me a bunch of passwords what it could be, so I put all of those in a wordlist with diff combinations but no luck so I am thinking of Bruteforcing/masking  it. It did find a false positive but that password didn't work.
The password consists of a text (only all lower case or only all upper case , or first letter upper case rest lower case) with a suffix that seems to be returning.
Suffix can be    : ! ? . @ 0387 0387! 387  387! 387? 0387? 04 04! 04? 1987 1987? 1987! 2020 2020! 2020? 2021 2021! 2021? 2022 2022! 2022? 2023 2023! 2023? 2024 2024! 2024? 4694 4694? 4694! 69 69! 69? 87 87! 87? 05 05! 05? 06 06? 06! 07 07! 07? 08 08? 08! 09 09? 09! 10 10? 10!

A full password could be Coconut0387! COCONUT0387! coconut0387! 

From her list the maximum text password (without suffix) is 10 characters. But the full text password could as well be just 3-4 + adding suffix.

What command would hashcat need to crack this pw? Not taking into consideration how many years it would take.

I feel a bit lost here.

Thank you very much for your input.


Attached Files
.txt   firstpart.txt (Size: 508 bytes / Downloads: 1)
.txt   Lastpart.txt (Size: 257 bytes / Downloads: 1)
Reply
#2
A possible approach could be: make two wordlists; one with all possible base-words, and a second wordlist with all possible suffix. Combine them with -a 1.
(this will most likely work if the first part is an existing word and could be found in wikipedia for example)
Reply
#3
(01-29-2024, 12:12 AM)Banaanhangwagen Wrote: A possible approach could be: make two wordlists; one with all possible base-words, and a second wordlist with all possible suffix. Combine them with -a 1.
(this will most likely work if the first part is an existing word and could be found in wikipedia for example)

Thanks for the input. I should have mentioned what I have already tried:
Use of wordlists like Rockyou:  negative
Use of relative wordlist: negative
Split relative wordlist in 2 parts and combine suffixes with all words: negative
Used relative word with well known rules from internet : negative
L33tspeak: negative

So the plan was to bruteforce the word and add her suffixes... but am not sure how to do this.

Thank you for helping
Reply
#4
A Hybrid attack with -a 7 would be a possibility.
https://hashcat.net/wiki/doku.php?id=hybrid_attack
Reply
#5
Sounds to me like it could be useful to check for typos.
Start with running some toggles rules toggles1.rule, toggles2.rule etc.
Then try making some own typo rules. For example, if someone would want to write Coconut, they sometimes would write cOCONUT (shift on, use rule "C "), you could also check for swapped adjacent letters (Swap @ p), etc.
Sometimes people duplicate their suffix (69? 69?) or add it as prefix as well for extra security (69?COCONUT69?), or duplicate the password entirely COCONUT69?COCONUT69? .
If you have not yet, I would try out these options. All of these an much more can be achieved using rules, see description below

See rules description https://hashcat.net/wiki/doku.php?id=rule_based_attack

On more thing, rockyou includes prefixes and suffixes from users. Perhaps try removing prefixes and suffixes by dropping all digits and special character, sorting and filtering on uniq. Then use that list in combination with you suffix and perhaps with additional toggle rules. Good chance you hit the password with that.
Good luck.
Reply