Help debugging Hashcat not starting...
#1
I have installed the latest version (7.1.2) on Mint Linux. I have two hash files obtained using office2hashcat from two Excel files which are identical but encrypted with different passwords. The first Excel file is encrypted with a 9 character password that I do not know. The second file is encrypted with the password 12345. I run these commands:
$ hashcat -m 9600 test_1_hash.txt rockyou.txt --show
$ hashcat -m 9600 test_2_hash.txt rockyou.txt --show
The second command runs as expected and reveals the password as 12345. The first command does not run. There are no error messages.
How should I go about debugging the issue?

Information:
I tried the earlier version of Hashcat from the Mint repository, version 6.2.6 with exactly the same issue. I compiled the latest version from source.
This is what the hash files look like:
$office$*2013*100000*256*16*6c6eb1e86e92f3c5ead4b8dc72978b3c*ee5eb1cb257e125f49205b3ebe2a7a00*cdb9c346c054cb7a3d887b7bf11a359a4d00021ae765206358d9674d2ac93a4d (< file 1)
$office$*2013*100000*256*16*79ef730a26e7f521229c9e008e4e6631*aba929dd045f29634cad98e23ddd8853*3e3b927531d9ca631b80ca8c148dcbc50b319fb436054a962447c9bd61ad5688 (< file 2)
Reply
#2
You have --show in both of your commands. Hashcat is only checking the potfile for the passwords, it's not running the attack. One of them has been previously cracked and thus it emits the passwords since it's in the potfile. The other one has NOT been cracked yet, and thus is not in the potfile. Hashcat will not emit anything. If you want to actually run the attacks, you need to drop --show from your commands.
Reply
#3
Aha. Thanks for that.
Reply