Colliding password protected MS office 97-2003 documents
#31
Tongue 
Where is the initial hash being used coming from? Do I have to run this through another process, or can I just pull the values from a hex viewer?
#32
Hi guys, I have a problem.

When using mode 9810, there is no RC4 recovered. I ran the session on Nvidia K80, Windows 2008 R2 64, cudaHashcat-2.01, ForceWare 348.40, cuda 7.0.28.
 
Session.Name...: cudaHashcat
Status.........: Exhausted
Input.Mode.....: Mask (?b?b?b?b?b) [5]
Hash.Target....: $oldoffice$3*1fd80fb32756c57c979aff19f503...
Hash.Type......: MS Office <= 2003 SHA1 + RC4, collision-mode #1
Time.Started...: Tue Apr 12 11:03:44 2016 (42 mins, 6 secs)
Time.Estimated.: 0 secs
Speed.GPU.#1...: 54166.7 kH/s
Speed.GPU.#2...: 54358.7 kH/s
Speed.GPU.#3...: 54439.6 kH/s
Speed.GPU.#4...: 54877.3 kH/s
Speed.GPU.#5...: 54384.6 kH/s
Speed.GPU.#6...: 54191.4 kH/s
Speed.GPU.#7...: 54850.1 kH/s
Speed.GPU.#8...: 54891.1 kH/s
Speed.GPU.#*...:   436.2 MH/s
Recovered......: 0/1 (0.00%) Digests, 0/1 (0.00%) Salts
Progress.......: 1099511627776/1099511627776 (100.00%)
Rejected.......: 0/1099511627776 (0.00%)
TOP570cdc3b     proc_start      1460430224
TOP570cdc3b     proc_stop       1460432759
TOP570cdc3b     STOP
Started: Tue Apr 12 11:03:44 2016
Stopped: Tue Apr 12 11:45:59 2016
#33
Are you able to reproduce this with any other hash?
#34
(04-12-2016, 04:13 PM)stepMode Wrote: Are you able to reproduce this with any other hash?

I try to make a test file, and cudahashcat worked to it.

But for the orginal file, it can not get the RC4.

I found that when I open the orginal file in passware, passware show that the file is "Microsoft Base Cryptographic Prider v 1.0. 128 bits", and test file is 40 bits.

When using office2hashcat.py to analyze these two files, the output hash are all start with $oldoffice$3.
#35
(09-08-2014, 09:46 PM)atom Wrote: Exploitation

<skip>

To make it more comfortable, this technique requires two seperate oclHashcat modes. The first to brute-force the intermediate hash and once you cracked it just store it. Then you can use oclHashcat "normally" with the second mode. This mode works with the previosly cracked key and therefore only needs to calculates steps 1-5. Note that in this second mode you are not stick to Brute-Force, you can use any attack-mode you want. Actually you will not need to do that unless you try to find the real password that was used (forensic stuff). Just continue reading...

<skip>

Hello colleagues, can you please elaborate a bit more on this. For instance i received a HEX value on the first stage of the process. What do i do with this value if i don't need a real password?

Thanks in advance
#36
you could for instance just decrypt/open the file (I already mentioned how to do this with libreoffice here: https://hashcat.net/forum/thread-7216-po...l#pid39498)
#37
(05-25-2018, 02:33 PM)philsmd Wrote: you could for instance just decrypt/open the file (I already mentioned how to do this with libreoffice here: https://hashcat.net/forum/thread-7216-po...l#pid39498)

Oh my, do you mean that I would need to build LibreOffice?