In a similar spirit to an old post, where I compared the cracking speed of various GPUs and CPUs, however hopefully more useful (and shorter)…
My experience with MS Office passwords is that they do more harm than good – after several months the password is lost and the document meaningless.
Let’s a create an Office 2013 excel spreadsheet which is password-protected (“economist91”):
Now, imagine half a year has passed and we have forgotten the password.
We need to obtain a hash from this file (which we can then brute-force – just like the WPA example). The easiest way to do this is to download the “office2john.py” python script from here: https://github.com/kholia/RC4-40-brute-office – otherwise this would be a lot more difficult!
We run the script like so:
> python office2john.py protected_book.xlsx
And the script returns the hash:
We need to do two things now:
- Specify what the hash-type is
- Specify the type of attack to use to crack the hash
First, we can see from the output that the hash is from a MS Office 2013 file – to get the correct flag to pass we can try:
> cudaHashcat64 –help
Hence, we will use the flag:
to identify the hash-type as “MS Office 2013”
Second, I want to perform a dictionary attack using the infamous “rockyou.txt” wordlist, from the ‘attack modes’ listed:
I will thus use:
Putting all of this together ->
cudaHashcat64.exe -a 0 -m 9600 –username “protected_book.xlsx:$office$*2013*100000*256*16*d1…” “rockyou.txt”
After around 6 minutes (because I picked a password a bit higher up in the dictionary list) we crack it:
With a speed of 4,700 hashes per second on the Nvidia GTX 980 it would take us just 50 minutes to try all the 14 mill common passwords in the wordlist.