08-18-2017, 10:48 PM
I am working on an Excel salted SHA512 hash but I am stumped (which isn't a surprise since I am a total noob at this). When I look at the hash examples, a salted SHA512 hash should either be given as type 1710 ($hash:$salt) 128 hex characters:10 numericals or as type 1720 ($salt:$hash) 128 hex characters:10 numericals for hashcat to work. This creates two questions:
1. Why is the format identical for both variants? Shouldn't type 1720 have a shorter numerical salt followed by a longer hex hash for the password? I.e., 10 numericals:128 hex characters?
2. And does anybody here know how Excel's salting algorithm works? The salt is given (I extracted it the traditional way via zipping) as an 18-character-long base64 string. I tried transforming it to hex, but that gave me a 32 hex character string that I can't get hashcat to accept.
And another question: the XML file from Excel also contains the words spinCount="100000". Does this in fact mean that Excel did 100 000 iterations of the SHA512 hashes? Is there anything I can or should do in the command prompt because of this? The (known) password I am trying to crack is only three lowercase letters so it should still be doable, right?
I am not actually a coder so if you formulate your answer as you would to a complete idiot (a picture I think you will have no problem holding in your head ;) it would be highly appreciated :)