BF old office password
#1
Hello,

I extracted the hash from an old Office ppt with office2john.
The hash looks like this: $oldoffice$3*xxxxxx*xxxxx*xxxx

OK, I used this command line to brute-force this hash:
hashcat64.exe -a 3 -m 9800 hashppt.txt --increment --increment-min=6 --status -1 ?l?d?s?u ?1?1?1?1?1?1?1?1?1?1?1?1?1
After ~1h, I have this in the pot file:

$oldoffice$3*xxxxxx*xxxxx*xxxx:yyyyy

I tried to open my ppt with the pass ("yyyyyy"), but it doesn't work.
Any idea?
#2
(11-03-2016, 05:47 PM)ghecko Wrote: Hello,

I extracted the hash from an old Office ppt with office2john.
The hash looks like this: $oldoffice$3*xxxxxx*xxxxx*xxxx

OK, I used this command line to brute-force this hash:
hashcat64.exe -a 3 -m 9800 hashppt.txt --increment --increment-min=6 --status -1 ?l?d?s?u ?1?1?1?1?1?1?1?1?1?1?1?1?1
After ~1h, I have this in the pot file:

$oldoffice$3*xxxxxx*xxxxx*xxxx:yyyyy

I tried to open my ppt with the pass ("yyyyyy"), but it doesn't work.
Any idea?

try "yyyyy"?
#3
(11-03-2016, 07:36 PM)5k33tz Wrote:
try "yyyyy"?

I didn't understand your question.
The password is represented by "yyyyyy"; I try to open my file with this.
#4
(11-03-2016, 11:10 PM)ghecko Wrote:
I didn't understand your question.
The password is represented by "yyyyyy"; I try to open my file with this.

You show the password as cracked with y 5 times.

But you are saying you're typing the password into the PowerPoint with y 6 times.

My question is why you are typing the extra y into the PowerPoint?
#5
(11-03-2016, 11:24 PM)5k33tz Wrote:
You show the password as cracked with y 5 times.

But you are saying you're typing the password into the PowerPoint with y 6 times.

My question is why you are typing the extra y into the PowerPoint?

OK, it's just an example; I enter exactly the same password to open the file.
#6
(11-04-2016, 09:27 AM)ghecko Wrote:
OK, it's just an example; I enter exactly the same password to open the file.

try this https://www.onlinehashcrack.com/
perhaps what u got is wrong, try with another version of hashcat, instead of masking like u did last time just put ur password that u got from the first time and see if u get the same result
#7
(11-04-2016, 01:37 PM)kiara Wrote:
try this https://www.onlinehashcrack.com/
perhaps what u got is wrong, try with another version of hashcat, instead of masking like u did last time just put ur password that u got from the first time and see if u get the same result

Thx for your answer.
This website finds my password for me, but to recover it I must pay...
With a random password MS PowerPoint says the password is wrong, but with the hashcat password it doesn't; PowerPoint simply crashes.
#8
Stop using the "Quote" function, this thread is impossible to read.
#9
Quote: Thx for your answer.
This website finds my password for me, but to recover it I must pay...
With a random password MS PowerPoint says the password is wrong, but with the hashcat password it doesn't; PowerPoint simply crashes.

the website should, i think, tell u at least how many characters are in it, right?
so it's something.., try to use their info to ur advantage,
by the way, which version did u use when u received the wrong password?
and did u try to use a different version like i told u to?