Hash of office file need to be cracked.
#1
Dear friends,

at first I want to apologize for my poor english.

Maybe somone can help me or can give a good advice.

I friend of mine send me a encrypted office file with a story inside. It's kind of challange.

I extracted the hash with office2john. Now I need to crack the hash to get the story.

I run hashcat with the string:

Code:
hashcat -m 9600 -o cracked -r /usr/share/oclHashcat/rules/best64.rule officepassword

What I get is:

Code:
OpenCL Platform #1: The pocl project
====================================
* Device #1: pthread-AMD Phenom(tm) II X4 965 Processor, 2048/4470 MB allocatable, 4MCU

Hashes: 1 digests; 1 unique digests, 1 unique salts
Bitmaps: 16 bits, 65536 entries, 0x0000ffff mask, 262144 bytes, 5/13 rotates
Rules: 77

Applicable optimizers:
* Zero-Byte
* Single-Hash
* Single-Salt
* Slow-Hash-SIMD-LOOP

Minimum password length supported by kernel: 0
Maximum password length supported by kernel: 256

Watchdog: Hardware monitoring interface not found on your system.
Watchdog: Temperature abort trigger disabled.

* Device #1: build_opts '-cl-std=CL1.2 -I OpenCL -I /usr/share/hashcat/OpenCL -D LOCAL_MEM_TYPE=2 -D VENDOR_ID=64 -D CUDA_ARCH=0 -D AMD_ROCM=0 -D VECT_SIZE=4 -D DEVICE_TYPE=2 -D DGST_R0=0 -D DGST_R1=1 -D DGST_R2=2 -D DGST_R3=3 -D DGST_ELEM=4 -D KERN_TYPE=9600 -D _unroll'
Starting attack in stdin mode...

Session..........: hashcat
Status...........: Running
Hash.Type........: MS Office 2013
Hash.Target......: $office$*2013*100000*256*16*0fee92ae708d232d390b7bf...8f0dd4
Time.Started.....: Mon Oct  7 16:55:22 2019 (10 secs)
Time.Estimated...: Mon Oct  7 16:55:32 2019 (0 secs)
Guess.Base.......: Pipe
Guess.Mod........: Rules (/usr/share/oclHashcat/rules/best64.rule)
Speed.#1.........:        0 H/s (0.00ms) @ Accel:64 Loops:64 Thr:1 Vec:4
Recovered........: 0/1 (0.00%) Digests, 0/1 (0.00%) Salts
Progress.........: 0
Rejected.........: 0
Restore.Point....: 0
Restore.Sub.#1...: Salt:0 Amplifier:0-0 Iteration:0-64
Candidates.#1....: [Copying]

Session..........: hashcat
Status...........: Running
Hash.Type........: MS Office 2013
Hash.Target......: $office$*2013*100000*256*16*0fee92ae708d232d390b7bf...8f0dd4
Time.Started.....: Mon Oct  7 16:55:22 2019 (20 secs)
Time.Estimated...: Mon Oct  7 16:55:42 2019 (0 secs)
Guess.Base.......: Pipe
Guess.Mod........: Rules (/usr/share/oclHashcat/rules/best64.rule)
Speed.#1.........:        0 H/s (0.00ms) @ Accel:64 Loops:64 Thr:1 Vec:4
Recovered........: 0/1 (0.00%) Digests, 0/1 (0.00%) Salts
Progress.........: 0
Rejected.........: 0
Restore.Point....: 0
Restore.Sub.#1...: Salt:0 Amplifier:0-0 Iteration:0-64
Candidates.#1....: [Copying]

ATTENTION! Read timeout in stdin mode. The password candidates input is too slow:
* Are you sure that you are using the correct attack mode (--attack-mode or -a)?
* Are you sure that you want to use input from standard input (stdin)?
* If so, are you sure that the input from stdin (the pipe) is working correctly and is fast enough?

I assume, that the mistake is on my side. Kann someone help? Where I did the mistake, how I can go further?

With best regards

Katzenjaeger
Reply
#2
you forgot to specify a wordlist
Reply