Excel salts and hashes
#1
Hi
Using Excel 2013 I protected a Worksheet in the Workbook with a simple password 222. The Workbook itself is not encrypted with a password.
Please tell me how to use the hash and salt (I extracted it the traditional way via ziping).
hashValue has a length of 88 characters base64 string
saltValue has a length of 24 characters base64 string
How do I convert these values to a format that hashcat recognizes ?
Workbook is not encrypted, so office2hashcat.py can not give me a hash


Sorry for my English. 
I will be very grateful for any tips.
#2
(08-24-2018, 04:48 PM)NA Wrote: (I extracted it the traditional way via ziping).

What does that mean? hashcat cannot crack non-encryption office passwords.
#3
(08-24-2018, 04:53 PM)undeath Wrote:
(08-24-2018, 04:48 PM)NA Wrote: (I extracted it the traditional way via ziping).

What does that mean? hashcat cannot crack non-encryption office passwords.

In Excel when worksheet is protected, you can just change file extension to .rar and open with winrar or 7zip. 
Inside the archive, all sheets with their descriptions will be available (including a hash and salt if the sheet is encrypted with a password)
So I got a hash and salt for my password 222
All information looks like this

<sheetProtection algorithmName="SHA-512" hashValue="XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX==" saltValue="XXXXXXXXXXXXXXXXXXXXXX==" spinCount="100000" sheet="1" objects="1" scenarios="1"/>
#4
I don't think this is supported by hashcat.
#5
(08-24-2018, 05:43 PM)undeath Wrote: I don't think this is supported by hashcat.

Hashcat has mode 1710 SHA512 ($pass.$salt)
Maybe i can use it? But first of all i need to convert my hash and salt into right length.
#6
I expect the hash to be iterated (see spinCount="100000"), and you don't know how exactly salting is done. It may even be PBKDF2.