How do I format a OneNote protected section hash into hashcat format?
#1
Hello! New here! I lost the password for my dream journal OneNote protected section. I do remember, though, that I used a dumb common password.

I extracted what seem to be sections of what looks like the hash of the section, but I don't know how to format it into a format that hashcat can use. Can someone help me format these? Thanks!

Code:
<encryption xmlns="http://schemas.microsoft.com/office/2006/encryption" xmlns:p="http://schemas.microsoft.com/office/2006/keyEncryptor/password" xmlns:c="http://schemas.microsoft.com/office/2006/keyEncryptor/certificate"><keyData saltSize="16" blockSize="16" keyBits="256" hashSize="64" cipherAlgorithm="AES" cipherChaining="ChainingModeCBC" hashAlgorithm="SHA512" saltValue="q/1sFWbCyoiitwts/9q4UQ==" /><keyEncryptors><keyEncryptor uri="http://schemas.microsoft.com/office/2006/keyEncryptor/password"><p:encryptedKey spinCount="100000" saltSize="16" blockSize="16" keyBits="256" hashSize="64" cipherAlgorithm="AES" cipherChaining="ChainingModeCBC" hashAlgorithm="SHA512" saltValue="L7V4zQP7/eAXYSSSPIE6+A==" encryptedVerifierHashInput="msZT/YGku6DRSO5kgZ/N8w==" encryptedVerifierHashValue="D5wx0qRR7Qb579D8TmVnKjk+3hfIEDfIq6lVZgZqpypNYgRE9JCXyj34zoSvNZEK/9gnLQC2rbpxl1eTAW9xwQ==" encryptedKeyValue="kat0pRF/fTqKt9rF+gK9AAYDVf9K5Tv+DT/t6FwnkOs=" /></keyEncryptor></keyEncryptors></encryption>

Code:
<encryption xmlns="http://schemas.microsoft.com/office/2006/encryption" xmlns:p="http://schemas.microsoft.com/office/2006/keyEncryptor/password" xmlns:c="http://schemas.microsoft.com/office/2006/keyEncryptor/certificate"><keyData saltSize="16" blockSize="16" keyBits="256" hashSize="64" cipherAlgorithm="AES" cipherChaining="ChainingModeCBC" hashAlgorithm="SHA512" saltValue="q/1sFWbCyoiitwts/9q4UQ==" /><keyEncryptors><keyEncryptor uri="http://schemas.microsoft.com/office/2006/keyEncryptor/password"><p:encryptedKey spinCount="100000" saltSize="16" blockSize="16" keyBits="256" hashSize="64" cipherAlgorithm="AES" cipherChaining="ChainingModeCBC" hashAlgorithm="SHA512" saltValue="L7V4zQP7/eAXYSSSPIE6+A==" encryptedVerifierHashInput="msZT/YGku6DRSO5kgZ/N8w==" encryptedVerifierHashValue="D5wx0qRR7Qb579D8TmVnKjk+3hfIEDfIq6lVZgZqpypNYgRE9JCXyj34zoSvNZEK/9gnLQC2rbpxl1eTAW9xwQ==" encryptedKeyValue="kat0pRF/fTqKt9rF+gK9AAYDVf9K5Tv+DT/t6FwnkOs=" /></keyEncryptor></keyEncryptors></encryption>
Reply
#2
(09-01-2024, 06:17 AM)GranolaClover15 Wrote: Hello! New here! I lost the password for my dream journal OneNote protected section. I do remember, though, that I used a dumb common password.

I extracted what seem to be sections of what looks like the hash of the section, but I don't know how to format it into a format that hashcat can use. Can someone help me format these? Thanks!

Code:
<encryption xmlns="http://schemas.microsoft.com/office/2006/encryption" xmlns:p="http://schemas.microsoft.com/office/2006/keyEncryptor/password" xmlns:c="http://schemas.microsoft.com/office/2006/keyEncryptor/certificate"><keyData saltSize="16" blockSize="16" keyBits="256" hashSize="64" cipherAlgorithm="AES" cipherChaining="ChainingModeCBC" hashAlgorithm="SHA512" saltValue="q/1sFWbCyoiitwts/9q4UQ==" /><keyEncryptors><keyEncryptor uri="http://schemas.microsoft.com/office/2006/keyEncryptor/password"><p:encryptedKey spinCount="100000" saltSize="16" blockSize="16" keyBits="256" hashSize="64" cipherAlgorithm="AES" cipherChaining="ChainingModeCBC" hashAlgorithm="SHA512" saltValue="L7V4zQP7/eAXYSSSPIE6+A==" encryptedVerifierHashInput="msZT/YGku6DRSO5kgZ/N8w==" encryptedVerifierHashValue="D5wx0qRR7Qb579D8TmVnKjk+3hfIEDfIq6lVZgZqpypNYgRE9JCXyj34zoSvNZEK/9gnLQC2rbpxl1eTAW9xwQ==" encryptedKeyValue="kat0pRF/fTqKt9rF+gK9AAYDVf9K5Tv+DT/t6FwnkOs=" /></keyEncryptor></keyEncryptors></encryption>

Code:
<encryption xmlns="http://schemas.microsoft.com/office/2006/encryption" xmlns:p="http://schemas.microsoft.com/office/2006/keyEncryptor/password" xmlns:c="http://schemas.microsoft.com/office/2006/keyEncryptor/certificate"><keyData saltSize="16" blockSize="16" keyBits="256" hashSize="64" cipherAlgorithm="AES" cipherChaining="ChainingModeCBC" hashAlgorithm="SHA512" saltValue="q/1sFWbCyoiitwts/9q4UQ==" /><keyEncryptors><keyEncryptor uri="http://schemas.microsoft.com/office/2006/keyEncryptor/password"><p:encryptedKey spinCount="100000" saltSize="16" blockSize="16" keyBits="256" hashSize="64" cipherAlgorithm="AES" cipherChaining="ChainingModeCBC" hashAlgorithm="SHA512" saltValue="L7V4zQP7/eAXYSSSPIE6+A==" encryptedVerifierHashInput="msZT/YGku6DRSO5kgZ/N8w==" encryptedVerifierHashValue="D5wx0qRR7Qb579D8TmVnKjk+3hfIEDfIq6lVZgZqpypNYgRE9JCXyj34zoSvNZEK/9gnLQC2rbpxl1eTAW9xwQ==" encryptedKeyValue="kat0pRF/fTqKt9rF+gK9AAYDVf9K5Tv+DT/t6FwnkOs=" /></keyEncryptor></keyEncryptors></encryption>

Just take a look at John the Ripper (JtR) and its tools, in this case office2john (Python or exe, sometimes there are boot variants, depending on your system).

JtR and hashcat use the same hash style conventions, so they are basically fully compatible. JtR sometimes adds more info which is unnecessary; just take a look at https://hashcat.net/wiki/doku.php?id=example_hashes to see what info is needed.

Most times JtR adds filenames at the end or beginning; just strip this info.
Reply
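The conversion described in the reply above, as an added example that is not part of the original thread and not office2john's own code: it reads the password `encryptedKey` element of an agile-encryption descriptor and lays the fields out like the `$office$*2013*` line on the hashcat example hashes page, then strips a JtR filename prefix. The function names and the sample descriptor are constructed for illustration, and it is an assumption that a OneNote section's descriptor maps onto this layout.

```python
import base64
import xml.etree.ElementTree as ET

PWD_NS = "http://schemas.microsoft.com/office/2006/keyEncryptor/password"

def b64(raw: bytes) -> str:
    return base64.b64encode(raw).decode("ascii")

# Constructed descriptor (not the poster's data) carrying the same
# attributes as the XML quoted in the thread.
SAMPLE_XML = (
    '<encryption xmlns="http://schemas.microsoft.com/office/2006/encryption" '
    f'xmlns:p="{PWD_NS}"><keyEncryptors><keyEncryptor uri="{PWD_NS}">'
    '<p:encryptedKey spinCount="100000" saltSize="16" keyBits="256" '
    'hashAlgorithm="SHA512" '
    f'saltValue="{b64(bytes(range(16)))}" '
    f'encryptedVerifierHashInput="{b64(bytes(range(16, 32)))}" '
    f'encryptedVerifierHashValue="{b64(bytes(range(64)))}" />'
    '</keyEncryptor></keyEncryptors></encryption>'
)

def agile_xml_to_office_hash(xml_text: str) -> str:
    """Hypothetical helper: build a $office$*2013* line from the XML fields."""
    root = ET.fromstring(xml_text)
    key = root.find(f".//{{{PWD_NS}}}encryptedKey")
    if key is None:
        raise ValueError("no password keyEncryptor in descriptor")
    if key.get("hashAlgorithm") != "SHA512":
        raise ValueError("only the SHA512 (2013) layout is handled here")
    salt = base64.b64decode(key.get("saltValue"))
    vin = base64.b64decode(key.get("encryptedVerifierHashInput"))
    vhash = base64.b64decode(key.get("encryptedVerifierHashValue"))
    salt_size = int(key.get("saltSize"))
    if len(salt) != salt_size or len(vin) != 16 or len(vhash) < 32:
        raise ValueError("field length does not match the descriptor")
    # Base64 becomes hex; only the first 32 bytes of the verifier hash are kept.
    return "$office$*2013*{}*{}*{}*{}*{}*{}".format(
        int(key.get("spinCount")), int(key.get("keyBits")), salt_size,
        salt.hex(), vin.hex(), vhash[:32].hex())

def strip_jtr_filename(line: str) -> str:
    """Drop the 'filename:' prefix (and any ':' suffix) JtR tools add."""
    start = line.find("$office$")
    if start < 0:
        raise ValueError("no $office$ signature in line")
    return line[start:].split(":", 1)[0].strip()
```
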
#3
(09-03-2024, 02:54 PM)Snoopy Wrote:
(09-01-2024, 06:17 AM)GranolaClover15 Wrote: Hello! New here! I lost the password for my dream journal OneNote protected section. I do remember, though, that I used a dumb common password.

I extracted what seem to be sections of what looks like the hash of the section, but I don't know how to format it into a format that hashcat can use. Can someone help me format these? Thanks!

Code:
<encryption xmlns="http://schemas.microsoft.com/office/2006/encryption" xmlns:p="http://schemas.microsoft.com/office/2006/keyEncryptor/password" xmlns:c="http://schemas.microsoft.com/office/2006/keyEncryptor/certificate"><keyData saltSize="16" blockSize="16" keyBits="256" hashSize="64" cipherAlgorithm="AES" cipherChaining="ChainingModeCBC" hashAlgorithm="SHA512" saltValue="q/1sFWbCyoiitwts/9q4UQ==" /><keyEncryptors><keyEncryptor uri="http://schemas.microsoft.com/office/2006/keyEncryptor/password"><p:encryptedKey spinCount="100000" saltSize="16" blockSize="16" keyBits="256" hashSize="64" cipherAlgorithm="AES" cipherChaining="ChainingModeCBC" hashAlgorithm="SHA512" saltValue="L7V4zQP7/eAXYSSSPIE6+A==" encryptedVerifierHashInput="msZT/YGku6DRSO5kgZ/N8w==" encryptedVerifierHashValue="D5wx0qRR7Qb579D8TmVnKjk+3hfIEDfIq6lVZgZqpypNYgRE9JCXyj34zoSvNZEK/9gnLQC2rbpxl1eTAW9xwQ==" encryptedKeyValue="kat0pRF/fTqKt9rF+gK9AAYDVf9K5Tv+DT/t6FwnkOs=" /></keyEncryptor></keyEncryptors></encryption>

Code:
<encryption xmlns="http://schemas.microsoft.com/office/2006/encryption" xmlns:p="http://schemas.microsoft.com/office/2006/keyEncryptor/password" xmlns:c="http://schemas.microsoft.com/office/2006/keyEncryptor/certificate"><keyData saltSize="16" blockSize="16" keyBits="256" hashSize="64" cipherAlgorithm="AES" cipherChaining="ChainingModeCBC" hashAlgorithm="SHA512" saltValue="q/1sFWbCyoiitwts/9q4UQ==" /><keyEncryptors><keyEncryptor uri="http://schemas.microsoft.com/office/2006/keyEncryptor/password"><p:encryptedKey spinCount="100000" saltSize="16" blockSize="16" keyBits="256" hashSize="64" cipherAlgorithm="AES" cipherChaining="ChainingModeCBC" hashAlgorithm="SHA512" saltValue="L7V4zQP7/eAXYSSSPIE6+A==" encryptedVerifierHashInput="msZT/YGku6DRSO5kgZ/N8w==" encryptedVerifierHashValue="D5wx0qRR7Qb579D8TmVnKjk+3hfIEDfIq6lVZgZqpypNYgRE9JCXyj34zoSvNZEK/9gnLQC2rbpxl1eTAW9xwQ==" encryptedKeyValue="kat0pRF/fTqKt9rF+gK9AAYDVf9K5Tv+DT/t6FwnkOs=" /></keyEncryptor></keyEncryptors></encryption>

Just take a look at John the Ripper (JtR) and its tools, in this case office2john (Python or exe, sometimes there are boot variants, depending on your system).

JtR and hashcat use the same hash style conventions, so they are basically fully compatible. JtR sometimes adds more info which is unnecessary; just take a look at https://hashcat.net/wiki/doku.php?id=example_hashes to see what info is needed.

Most times JtR adds filenames at the end or beginning; just strip this info.

Thank you for the reply! I seem to be having issues cracking -m 9600 on my RX 580. When I try to crack the test example hash I get "OpenCL kernel self test failed". Any clue what is causing this? I already tried installing the HIP SDK and using the beta version of hashcat, but still no luck.

Code:
./hashcat.exe -m 9600 -o cracked.txt hash.txt test.txt
hashcat (v6.2.6) starting

hiprtcCompileProgram is missing from HIPRTC shared library.

OpenCL API (OpenCL 2.1 AMD-APP (3584.0)) - Platform #1 [Advanced Micro Devices, Inc.]
=====================================================================================
* Device #1: Radeon RX 580 Series, 8064/8192 MB (6745 MB allocatable), 36MCU

Minimum password length supported by kernel: 0
Maximum password length supported by kernel: 256

Hashes: 1 digests; 1 unique digests, 1 unique salts
Bitmaps: 16 bits, 65536 entries, 0x0000ffff mask, 262144 bytes, 5/13 rotates
Rules: 1

Optimizers applied:
* Zero-Byte
* Single-Hash
* Single-Salt
* Slow-Hash-SIMD-LOOP
* Uses-64-Bit

Watchdog: Temperature abort trigger set to 90c

Host memory required for this attack: 281 MB

* Device #1: ATTENTION! OpenCL kernel self-test failed.

Your device driver installation is probably broken.
See also: https://hashcat.net/faq/wrongdriver

Aborting session due to kernel self-test failure.

You can use --self-test-disable to override, but do not report related errors.

Started: Wed Sep 04 13:47:28 2024
Stopped: Wed Sep 04 13:47:36 2024
Reply
#4
I cracked the hash with John the Ripper. Thankfully it was a really simple password, so it did not take that long on CPU. Thanks for your help!
Reply