Cracking Microsoft Office (97-03, 2007, 2010, 2013) password hashes with Hashcat

For anyone who is not familiar with it, Hashcat is one of the best-known password cracking tools at the moment, primarily due to its lightning-fast speed. There are several versions of the tool, allowing it to take advantage of different platforms, including ocl-hashcat and cuda-hashcat.

In the latest update of the tool (October, 2014) there was a significant addition that did not get the buzz that it should have created. That is the ability to crack Microsoft Office password hashes across all different versions (97-2003, 2007, 2010, 2013). This feature appears to have been added only to the GPU-enabled versions of hashcat (ocl-hashcat, cuda-hashcat) at the moment.

There are 6 different flag codes implemented for the 97-03 hashes (depicting different implementations of the hash) and one implementation for each of the other versions of Office, as shown below.

Office 97-03(MD5+RC4,oldoffice$0,oldoffice$1): flag -m 9700 

Office 97-03(MD5+RC4,collider-mode#1): flag -m 9710

Office 97-03(MD5+RC4,collider-mode#2): flag -m 9720

Office 97-03(SHA1+RC4,oldoffice$3,oldoffice$4): flag -m 9800

Office 97-03(SHA1+RC4,collider-mode#1): flag -m 9810

Office 97-03(SHA1+RC4,collider-mode#2): flag -m 9820

Office 2007: flag -m 9400 

Office 2010: flag -m 9500

Office 2013: flag -m 9600

This guide will take you through how to use hashcat (we will use cuda-hashcat as an example) to crack Microsoft Office passwords. Important note: This is not a guide on how to install and use hashcat in general. There are a lot of other guides available on this topic, an example would be this one.

First of all, you will need a password-protected document to extract a hash that needs to be cracked. For illustration purposes, I have created a Word 2007 document (example.docx) and protected it with the password “password12345”.

Our first move would be to acquire the hash from the actual document. This can be done through a Python script called office2john.py (hint: you can also use the hashes extracted through this script with John the Ripper).

To run office2john.py:

./office2john.py <<Document>>

On our example the results would look like this:

./office2john.py example.docx
example.docx:$office$*2007*20*128*16*3125bda60f5672f05419ae6857e11078*1f949bd0c6d642b64e1734e4bd6a0ef8*e2cbd5f857e501512a0bc9614b09762cfb312fe4

At the beginning of the hash we can identify the version of Office that produced it ($office$*2007*). Now that we have retrieved our hash, it's time to start the cracking! For hashcat to be able to recognise the hash as an Office document hash, we have to use one of the following two options:

  • Remove the name of the document from the hash (up to and including the “:” symbol)
  • Add the --username switch when calling hashcat, so that the name of the document will be treated as a username

Personally, I prefer the second option, as we don’t have to mess with the hash (which can be quite cumbersome if you need to do it for several documents).
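The two steps above (separating the document name from the hash and picking the matching -m flag from the list earlier on this page) can be checked with a short script. This is an added example, not part of office2john.py or hashcat; the function name split_office2john_line is hypothetical and the second sample line is constructed with dummy hex fields.

```python
import re

# hashcat -m values, taken from the list earlier on this page.
OFFICE_MODES = {"2007": 9400, "2010": 9500, "2013": 9600}
OLDOFFICE_MODES = {"0": 9700, "1": 9700, "3": 9800, "4": 9800}

# The hash proper starts at one of these markers; anything before it is
# the "<document>:" prefix that office2john.py adds.
_HASH_START = re.compile(r"\$(office|oldoffice)\$")

# First line is the example from this page; the second is constructed
# (dummy hex fields) to show a document path that itself contains ':'.
SAMPLE_LINES = [
    "example.docx:$office$*2007*20*128*16*3125bda60f5672f05419ae6857e11078"
    "*1f949bd0c6d642b64e1734e4bd6a0ef8*e2cbd5f857e501512a0bc9614b09762cfb312fe4",
    "C:\\docs\\old.doc:$oldoffice$1*" + "*".join(["0" * 32] * 3),
]


def split_office2john_line(line):
    """Return (document, hash_string, hashcat_mode) for one output line."""
    line = line.strip()
    match = _HASH_START.search(line)
    if match is None:
        raise ValueError("no $office$ or $oldoffice$ marker found")
    # Split at the marker, not at the first ':', so Windows paths survive.
    document = line[:match.start()].rstrip(":") or None
    hash_string = line[match.start():]
    if match.group(1) == "office":
        # $office$*2007*...: the version is the first '*'-separated field.
        fields = hash_string.split("*")
        version = fields[1] if len(fields) > 1 else ""
        mode = OFFICE_MODES.get(version)
    else:
        # $oldoffice$N*...: N is the digit right after the marker.
        version = hash_string[len("$oldoffice$"):].split("*", 1)[0]
        mode = OLDOFFICE_MODES.get(version)
    if mode is None:
        raise ValueError(f"unrecognised Office hash version: {version!r}")
    return document, hash_string, mode


if __name__ == "__main__":
    for sample in SAMPLE_LINES:
        doc, hash_string, mode = split_office2john_line(sample)
        print(f"{doc}: -m {mode}  {hash_string[:24]}...")
```
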

To start the cracking procedure, we can call CudaHashcat on Windows with the following switches (all in one line):

cudaHashcat64.exe -a 0 -m <<Office_Flag>> --username --status -o <<Output_File>> <<Hash>> <<Dictionary>>

Where the switches correspond to:

  • -a 0: Straight dictionary attack against the hash
  • -m <<Office_Flag>>: The corresponding flag for the version of Office in use (see the list above)
  • --username: Treat the document name in front of the hash as a username and ignore it (needs to be added for Hashcat to recognise the hash correctly)
  • --status: Provides an update of the status of the process without giving a prompt
  • -o <<Output_File>>: The location where the cracked hashes will be saved. The results will also be saved in the .pot file, unless otherwise specified
  • <<Hash>>: The saved password hash.
  • <<Dictionary>>: The list of words that will be used to try and crack the password. You can find some good wordlists here

To crack our example document, we can run the following command:

cudaHashcat64.exe -a 0 -m 9400 --username -o found.txt hash.txt pass.txt

The results should look similar to this:

$office$*2007*20*128*16*3125bda60f5672f05419ae6857e11078*1f949bd0c6d642b64e1734e4bd6a0ef8*e2cbd5f857e501512a0bc9614b09762cfb312fe4:password12345

Session.Name...: cudaHashcat
Status.........: Cracked
Input.Mode.....: File (pass.txt)
Hash.Target....: $office$*2007*20*128*16*3125bda60f5672f05419ae6857e11078*1f949bd0c6d642b64e1734e4bd6a0ef8*e2cbd5f857e501512a0bc9614b09762cfb312fe4
Hash.Type......: Office 2007
Time.Started...: 0 secs
Speed.GPU.#1...:        0 H/s
Recovered......: 1/1 (100.00%) Digests, 1/1 (100.00%) Salts
Progress.......: 1/1 (100.00%)
Skipped........: 0/1 (0.00%)
Rejected.......: 0/1 (0.00%)
HWMon.GPU.#1...:  0% Util, 36c Temp, N/A Fan
 

Depending on your machine, you will be amazed by the speed of the tool. On my machine, which is not built for password hashing, the average speed of cracking during bruteforcing was 3000 Hashes per second (H/s). If the password is successfully cracked, you will find it in the output file specified and in the cudaHashcat.pot file in the format Hash:Password.

5 thoughts on “Cracking Microsoft Office (97-03, 2007, 2010, 2013) password hashes with Hashcat”

  1. Thanks for the well presented and to the point procedure. Extremely helpful and still relevant today. ON PERFORMANCE: In terms of performance for my Office2007 excel file, getting around 80K H/s on an Nvidia 980 Overclocked.
