10-07-2019, 05:06 PM
(This post was last modified: 10-07-2019, 05:07 PM by katzenjaeger.)
Dear friends,
At first I want to apologize for my poor English.
Maybe someone can help me or give me some good advice.
A friend of mine sent me an encrypted Office file with a story inside. It's kind of a challenge.
I extracted the hash with office2john. Now I need to crack the hash to get the story.
I run hashcat with the string:
Code:
hashcat -m 9600 -o cracked -r /usr/share/oclHashcat/rules/best64.rule officepassword
What I get is:
Code:
OpenCL Platform #1: The pocl project
====================================
* Device #1: pthread-AMD Phenom(tm) II X4 965 Processor, 2048/4470 MB allocatable, 4MCU
Hashes: 1 digests; 1 unique digests, 1 unique salts
Bitmaps: 16 bits, 65536 entries, 0x0000ffff mask, 262144 bytes, 5/13 rotates
Rules: 77
Applicable optimizers:
* Zero-Byte
* Single-Hash
* Single-Salt
* Slow-Hash-SIMD-LOOP
Minimum password length supported by kernel: 0
Maximum password length supported by kernel: 256
Watchdog: Hardware monitoring interface not found on your system.
Watchdog: Temperature abort trigger disabled.
* Device #1: build_opts '-cl-std=CL1.2 -I OpenCL -I /usr/share/hashcat/OpenCL -D LOCAL_MEM_TYPE=2 -D VENDOR_ID=64 -D CUDA_ARCH=0 -D AMD_ROCM=0 -D VECT_SIZE=4 -D DEVICE_TYPE=2 -D DGST_R0=0 -D DGST_R1=1 -D DGST_R2=2 -D DGST_R3=3 -D DGST_ELEM=4 -D KERN_TYPE=9600 -D _unroll'
Starting attack in stdin mode...
Session..........: hashcat
Status...........: Running
Hash.Type........: MS Office 2013
Hash.Target......: $office$*2013*100000*256*16*0fee92ae708d232d390b7bf...8f0dd4
Time.Started.....: Mon Oct 7 16:55:22 2019 (10 secs)
Time.Estimated...: Mon Oct 7 16:55:32 2019 (0 secs)
Guess.Base.......: Pipe
Guess.Mod........: Rules (/usr/share/oclHashcat/rules/best64.rule)
Speed.#1.........: 0 H/s (0.00ms) @ Accel:64 Loops:64 Thr:1 Vec:4
Recovered........: 0/1 (0.00%) Digests, 0/1 (0.00%) Salts
Progress.........: 0
Rejected.........: 0
Restore.Point....: 0
Restore.Sub.#1...: Salt:0 Amplifier:0-0 Iteration:0-64
Candidates.#1....: [Copying]
Session..........: hashcat
Status...........: Running
Hash.Type........: MS Office 2013
Hash.Target......: $office$*2013*100000*256*16*0fee92ae708d232d390b7bf...8f0dd4
Time.Started.....: Mon Oct 7 16:55:22 2019 (20 secs)
Time.Estimated...: Mon Oct 7 16:55:42 2019 (0 secs)
Guess.Base.......: Pipe
Guess.Mod........: Rules (/usr/share/oclHashcat/rules/best64.rule)
Speed.#1.........: 0 H/s (0.00ms) @ Accel:64 Loops:64 Thr:1 Vec:4
Recovered........: 0/1 (0.00%) Digests, 0/1 (0.00%) Salts
Progress.........: 0
Rejected.........: 0
Restore.Point....: 0
Restore.Sub.#1...: Salt:0 Amplifier:0-0 Iteration:0-64
Candidates.#1....: [Copying]
ATTENTION! Read timeout in stdin mode. The password candidates input is too slow:
* Are you sure that you are using the correct attack mode (--attack-mode or -a)?
* Are you sure that you want to use input from standard input (stdin)?
* If so, are you sure that the input from stdin (the pipe) is working correctly and is fast enough?
I assume that the mistake is on my side. Can someone help? Where did I make the mistake, and how can I go further?
With best regards
Katzenjaeger