Colliding password protected MS office 97-2003 documents
#21
?b?b?b?b?b is not for the collision, but for cracking the RC4 key. Once you know the RC4 key, you have the first five bytes of the MD5|SHA1 hash. You then collide that hash to find a password that works.

Note the last step is not strictly necessary. You could simply use the RC4 key to decrypt the document without the password.
Reply
#22
Sorry, my question, I'm starter... I write a string exactly like you write it:
oclHashcat64.exe -m 9700 hash -a 3 ?b?b?b?b?b -w 3 --potfile-disable
and instead the word "hash" I tried to put the hash from 3 char string with separator '*'. I used both with quotes ' and without quotes and even give the text file with the hash. A and always I got the same result:
: Line-length exception
Parsed Hashes: 1/1 (100.00%)

ERROR: No hashes loaded

What did I do wrong?
Thanks
Reply
#23
(11-02-2014, 04:10 PM)injector Wrote: Sorry, my question, I'm starter... I write a string exactly like you write it:
oclHashcat64.exe -m 9700 hash -a 3 ?b?b?b?b?b -w 3 --potfile-disable
and instead the word "hash" I tried to put the hash from 3 char string with separator '*'. I used both with quotes ' and without quotes and even give the text file with the hash. A and always I got the same result:
: Line-length exception
Parsed Hashes: 1/1 (100.00%)

ERROR: No hashes loaded

What did I do wrong?
Thanks

When referencing hashes they should be in a file in the correct format.
http://hashcat.net/wiki/doku.php?id=example_hashes

So your file (lets say "hashFile.txt") should contain something like this:
$oldoffice$1*04477077758555626246182730342136*b1b72ff351e41a7c68f6b45c4e938bd6*0d95331895e99f73ef8b6fbc4a78ac1a

Make sure to follow the instructions as per this post (not the post which started the thread):
http://hashcat.net/forum/thread-3665-pos...l#pid20945

and you will address it in the syntax as such if attempting to recover the HEX value (Mode 9710 as per the referenced post, and not mode 9700):
oclHashcat64.exe -m 9710 hashFile.txt -a 3 ?b?b?b?b?b -w 3


However if you run into the same AMD Catalyst 14.9 issue that I'm having you may not be able to retrieve the value needed for collisions.
Reply
#24
Excuse my ignorance, gentlemen, but how do I obtain the hash value from an office doc?
Reply
#25
https://github.com/stricture/hashstack-s...hashcat.py
Reply
#26
Thanks!

Is it the same mechanism as in office2john.py ?
Reply
#27
yes. it's a slightly modified version of office2john.py
Reply
#28
Hi,

I do have a Office 2007 document with an write protected area - so the document itself is not encrypted. The python script doesn't work so, but I can extract the salt and password hash of the file.

Do you if this password is encrypted the same way as the regular encryption routine of a file? If so, how can I merge the hash for hashcat manually?

Thanks for your help!
Reply
#29
Hi, I have a quick question on colliding.

I see that it has been successfully implemented for $oldoffice $1 $2 and $3. Do you know if this will also work for $4? I know that oclhashcat (-m 9810) currently only matches hashes for $3. Is this because it is not possible to collide in $4 or it was accidentally omitted in the hash matching code?
Reply
#30
The collider modes work due to the fact Microsoft truncated the RC4 key to 40 bits in types $1, $2 and $3. The $4 type does not have that (intended) flaw so it's not beneficial to attack the RC4 key directly.
Reply