I found a password with hashcat, but it doesn't workHow easy is it to find a password in a huge text file?Line Length Exception in hashcatwhat order does the incremental mode of john the ripper, brute force passwords in?John the ripper does not crack passwordCant crack Responder hashes with John or HashcatWhy won't pdf2john extract the password hash of this encrypted pdf? Getting blank resultsBrute-Forcing DVWA login page with hydraCan't figure out input format for Hashcat salts with odd characters in salt
Does the original Game Boy game "Tetris" have a battery memory inside the cartridge?
Is (manual) feature extraction outdated?
Why is Google's quantum supremacy experiment impressive?
On how/if I should ask my supervisor about lead authorship?
Is it possible to have a preference relation that is complete but not transitive?
5e Path of Totem Barbarian, are Physical Totems considered magical items/accessories?
In what way were Renaissance battles like chess matches?
How do you link two checking accounts from two different banks in two different countries?
What are valid bugs
Modification of a public property - LWC
Has an engineer called Trevor Jackson invented a revolutionary battery allowing for a car range of 1500 miles?
Is this bible in Koine Greek?
Is it worth delving deep outside my field to revise a paper?
Grid Deduction Deduction: Cave or Tapa?
How to Keep Winged People Where They Belong?
Understanding the use of 'eo' in a sentence from LLPSI
Why was the Vulcan bomber used for the Falklands raid?
English equivalent of the Malayalam saying "don't stab/poke the dead body"?
Log user out after change of IP address?
How likely are you to be injured by falling shot from a game shoot?
identifying pin 1 of ref195
Locked out of my own server: getting "Too many authentication failures" right away when connecting via ssh
What happens if a country signs mutual defense treaties with several countries who later go to war with each other?
Do any Star Trek characters play rock band instruments?
I found a password with hashcat, but it doesn't work
How easy is it to find a password in a huge text file?Line Length Exception in hashcatwhat order does the incremental mode of john the ripper, brute force passwords in?John the ripper does not crack passwordCant crack Responder hashes with John or HashcatWhy won't pdf2john extract the password hash of this encrypted pdf? Getting blank resultsBrute-Forcing DVWA login page with hydraCan't figure out input format for Hashcat salts with odd characters in salt
.everyoneloves__top-leaderboard:empty,.everyoneloves__mid-leaderboard:empty,.everyoneloves__bot-mid-leaderboard:empty
margin-bottom:0;
My assignment required me to find the password for a PowerPoint file (97 - 2003, v. 8.0 - v. 11.0).
I used office2john.py to retrieve the hash, and I removed the file name.
The hash is:
$oldoffice$3*1b085471a28011c5348c5f0b8f29d24e*99294d3ebc790cfc325cca851f56d433*9e3556d0775d0aa198060a815be7be4c58e1fe2a
Then I put the hash in hashcat with the following command:
hashcat64.exe -m 9800 -a 3 s.hash ?l?l?l?l?l?l?l?l -D 1,2 -w 4
hashcat cracked it and gave me the password, but when I insert the password in PowerPoint it says that the password is wrong (iemuzqau).
Did I do something wrong?
passwords hash password-cracking hashcat
edited Jun 17 at 8:53
Peter Mortensen
7524 silver badges9 bronze badges
asked Jun 16 at 7:20
FabiusFabius
4191 gold badge2 silver badges8 bronze badges
add a comment
|
My assignment required me to find the password for a PowerPoint file (97 - 2003, v. 8.0 - v. 11.0).
I used office2john.py to retrieve the hash, and I removed the file name.
The hash is:
$oldoffice$3*1b085471a28011c5348c5f0b8f29d24e*99294d3ebc790cfc325cca851f56d433*9e3556d0775d0aa198060a815be7be4c58e1fe2a
Then I put the hash in hashcat with the following command:
hashcat64.exe -m 9800 -a 3 s.hash ?l?l?l?l?l?l?l?l -D 1,2 -w 4
hashcat cracked it and gave me the password, but when I insert the password in PowerPoint it says that the password is wrong (iemuzqau).
Did I do something wrong?
passwords hash password-cracking hashcat
edited Jun 17 at 8:53
Peter Mortensen
7524 silver badges9 bronze badges
asked Jun 16 at 7:20
FabiusFabius
4191 gold badge2 silver badges8 bronze badges
11
Could you comment on the accepted answer what’s the solution for you was? Did any of the other passwords worked?
– eckes
Jun 17 at 9:13
3
i'm still cracking a working password i'm using the '?l?d_-.:;!' charset
– Fabius
Jun 17 at 9:31
add a comment
|
My assignment required me to find the password for a PowerPoint file (97 - 2003, v. 8.0 - v. 11.0).
I used office2john.py to retrieve the hash, and I removed the file name.
The hash is:
$oldoffice$3*1b085471a28011c5348c5f0b8f29d24e*99294d3ebc790cfc325cca851f56d433*9e3556d0775d0aa198060a815be7be4c58e1fe2a
Then I put the hash in hashcat with the following command:
hashcat64.exe -m 9800 -a 3 s.hash ?l?l?l?l?l?l?l?l -D 1,2 -w 4
hashcat cracked it and gave me the password, but when I insert the password in PowerPoint it says that the password is wrong (iemuzqau).
Did I do something wrong?
passwords hash password-cracking hashcat
edited Jun 17 at 8:53
Peter Mortensen
7524 silver badges9 bronze badges
asked Jun 16 at 7:20
FabiusFabius
4191 gold badge2 silver badges8 bronze badges
My assignment required me to find the password for a PowerPoint file (97 - 2003, v. 8.0 - v. 11.0).
I used office2john.py to retrieve the hash, and I removed the file name.
The hash is:
$oldoffice$3*1b085471a28011c5348c5f0b8f29d24e*99294d3ebc790cfc325cca851f56d433*9e3556d0775d0aa198060a815be7be4c58e1fe2a
Then I put the hash in hashcat with the following command:
hashcat64.exe -m 9800 -a 3 s.hash ?l?l?l?l?l?l?l?l -D 1,2 -w 4
hashcat cracked it and gave me the password, but when I insert the password in PowerPoint it says that the password is wrong (iemuzqau).
Did I do something wrong?
passwords hash password-cracking hashcat
passwords hash password-cracking hashcat
edited Jun 17 at 8:53
Peter Mortensen
7524 silver badges9 bronze badges
asked Jun 16 at 7:20
FabiusFabius
4191 gold badge2 silver badges8 bronze badges
edited Jun 17 at 8:53
Peter Mortensen
7524 silver badges9 bronze badges
asked Jun 16 at 7:20
FabiusFabius
4191 gold badge2 silver badges8 bronze badges
edited Jun 17 at 8:53
Peter Mortensen
7524 silver badges9 bronze badges
edited Jun 17 at 8:53
Peter Mortensen
7524 silver badges9 bronze badges
edited Jun 17 at 8:53
Peter Mortensen
7524 silver badges9 bronze badges
7524 silver badges9 bronze badges
asked Jun 16 at 7:20
FabiusFabius
4191 gold badge2 silver badges8 bronze badges
asked Jun 16 at 7:20
FabiusFabius
4191 gold badge2 silver badges8 bronze badges
asked Jun 16 at 7:20
FabiusFabius
4191 gold badge2 silver badges8 bronze badges
4191 gold badge2 silver badges8 bronze badges
11
Could you comment on the accepted answer what’s the solution for you was? Did any of the other passwords worked?
– eckes
Jun 17 at 9:13
3
i'm still cracking a working password i'm using the '?l?d_-.:;!' charset
– Fabius
Jun 17 at 9:31
add a comment
|
11
Could you comment on the accepted answer what’s the solution for you was? Did any of the other passwords worked?
– eckes
Jun 17 at 9:13
3
i'm still cracking a working password i'm using the '?l?d_-.:;!' charset
– Fabius
Jun 17 at 9:31
11
11
Could you comment on the accepted answer what’s the solution for you was? Did any of the other passwords worked?
– eckes
Jun 17 at 9:13
Could you comment on the accepted answer what’s the solution for you was? Did any of the other passwords worked?
– eckes
Jun 17 at 9:13
3
3
i'm still cracking a working password i'm using the '?l?d_-.:;!' charset
– Fabius
Jun 17 at 9:31
i'm still cracking a working password i'm using the '?l?d_-.:;!' charset
– Fabius
Jun 17 at 9:31
add a comment
|
1 Answer
1
active
oldest
votes
The password hashes for MS Office 97-2003 are vulnerable to collision attacks. That is, multiple passwords exist that should be able to open the document.
That also means that the password "iemuzqau" is not necessarily the original password that was set by the author. It is just one of the passwords that should be accepted, because it matches the internal scheme to check for the correct password.
For the $3 type hash that you got, the hashcat methods 9810 and 9820 can be used to create password candidates faster than raw brute-force (mode 9800).
According to the linked thread that should work by first executing the following command:
hashcat64.exe -m 9810 -w 3 s.hash -o hash.rc4 -a 3 ?b?b?b?b?b
The output will be something like:
$oldoffice$3*1b085471a28011c5348c5f0b8f29d24e*99294d3ebc790cfc325cca851f56d433*9e3556d0775d0aa198060a815be7be4c58e1fe2a:5ffd0b24bd
Then you take the output of that command and execute:
hashcat64.exe -m 9820 -w 3 hash.rc4 -a 3 ?l?l?l?l?l?l?l?l?l?l --increment
This will then produce the following output:
$oldoffice$3*1b085471a28011c5348c5f0b8f29d24e*99294d3ebc790cfc325cca851f56d433*9e3556d0775d0aa198060a815be7be4c58e1fe2a:5ffd0b24bd:iemuzqau
$oldoffice$3*1b085471a28011c5348c5f0b8f29d24e*99294d3ebc790cfc325cca851f56d433*9e3556d0775d0aa198060a815be7be4c58e1fe2a:5ffd0b24bd:cvsfjkwoa
$oldoffice$3*1b085471a28011c5348c5f0b8f29d24e*99294d3ebc790cfc325cca851f56d433*9e3556d0775d0aa198060a815be7be4c58e1fe2a:5ffd0b24bd:yrmbatnya
$oldoffice$3*1b085471a28011c5348c5f0b8f29d24e*99294d3ebc790cfc325cca851f56d433*9e3556d0775d0aa198060a815be7be4c58e1fe2a:5ffd0b24bd:mzvmxmyke
...
The mode 9820 is a mode that "keeps cracking". That is, it will not stop outputting valid passwords after the first match. This behaviour was changed recently so you might have to specify --keep-guessing on your command line, depending on the version that you use.
That does not explain why your password is not accepted by PowerPoint as only valid candidates should be generated by hashcat. But maybe you can use the described workflow to generate additional valid passwords and try them.
edited Jun 18 at 19:12
Michael
1,22713 silver badges27 bronze badges
answered Jun 16 at 11:31
DenisDenis
3,4232 gold badges14 silver badges15 bronze badges
33
I must be missing something, but shouldn’t a collision work the same as the original password?
– nadavvadan
Jun 17 at 20:26
44
@nadavvadan: Not sure if PPT works that way, but in general, no. If the software encrypts the whole file with the original password, and stores the hash just for verification purposes, then it'll accept anything that matches the hash, but decrypting the file with anything but the real password will yield unreadable garbage.
– Guntram Blohm
Jun 17 at 21:58
33
I was missing the obvious - there’s a hash collision, but there’s also encryption involved which obviously uses a different algorithm; the collision only applies for the hash function.
– nadavvadan
Jun 18 at 4:09
9
Ok, so if this is the case, what's the point of the hash at all? Couldn't it just go straight to decrypting and decide (i.e. depending on valid header data) if the password was right or not? I mean, this appears to be the case if a valid password for a given hash does not work. So why's there a hash in the first place?
– Num Lock
Jun 18 at 4:59
21
@NumLock The most important reason is probably UX. Relying on looking at whether your decrypted data looks valid or corrupt to tell if you were given a correct password makes it impossible to distinguish between the user providing an incorrect password and providing a correct password to a corrupt or truncated file. Consequently, it means that you can't tell the user which of those things has happened; you just have to report to them that either they provided the wrong password or the file is corrupt, which is a crappy experience for the user. Office's approach solves that problem.
– Mark Amery
Jun 18 at 11:35
|
show 10 more comments
Your Answer
StackExchange.ready(function()
var channelOptions =
tags: "".split(" "),
id: "162"
;
initTagRenderer("".split(" "), "".split(" "), channelOptions);
StackExchange.using("externalEditor", function()
// Have to fire editor after snippets, if snippets enabled
if (StackExchange.settings.snippets.snippetsEnabled)
StackExchange.using("snippets", function()
createEditor();
);
else
createEditor();
);
function createEditor()
StackExchange.prepareEditor(
heartbeatType: 'answer',
autoActivateHeartbeat: false,
convertImagesToLinks: false,
noModals: true,
showLowRepImageUploadWarning: true,
reputationToPostImages: null,
bindNavPrevention: true,
postfix: "",
imageUploader:
brandingHtml: "Powered by u003ca class="icon-imgur-white" href="https://imgur.com/"u003eu003c/au003e",
contentPolicyHtml: "User contributions licensed under u003ca href="https://creativecommons.org/licenses/by-sa/4.0/"u003ecc by-sa 4.0 with attribution requiredu003c/au003e u003ca href="https://stackoverflow.com/legal/content-policy"u003e(content policy)u003c/au003e",
allowUrls: true
,
noCode: true, onDemand: true,
discardSelector: ".discard-answer"
,immediatelyShowMarkdownHelp:true
);
);
Sign up or log in
StackExchange.ready(function ()
StackExchange.helpers.onClickDraftSave('#login-link');
);
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
StackExchange.ready(
function ()
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fsecurity.stackexchange.com%2fquestions%2f211918%2fi-found-a-password-with-hashcat-but-it-doesnt-work%23new-answer', 'question_page');
);
Post as a guest
Required, but never shown
1 Answer
1
active
oldest
votes
1 Answer
1
active
oldest
votes
active
oldest
votes
active
oldest
votes
The password hashes for MS Office 97-2003 are vulnerable to collision attacks. That is, multiple passwords exist that should be able to open the document.
That also means that the password "iemuzqau" is not necessarily the original password that was set by the author. It is just one of the passwords that should be accepted, because it matches the internal scheme to check for the correct password.
For the $3 type hash that you got, the hashcat methods 9810 and 9820 can be used to create password candidates faster than raw brute-force (mode 9800).
According to the linked thread that should work by first executing the following command:
hashcat64.exe -m 9810 -w 3 s.hash -o hash.rc4 -a 3 ?b?b?b?b?b
The output will be something like:
$oldoffice$3*1b085471a28011c5348c5f0b8f29d24e*99294d3ebc790cfc325cca851f56d433*9e3556d0775d0aa198060a815be7be4c58e1fe2a:5ffd0b24bd
Then you take the output of that command and execute:
hashcat64.exe -m 9820 -w 3 hash.rc4 -a 3 ?l?l?l?l?l?l?l?l?l?l --increment
This will then produce the following output:
$oldoffice$3*1b085471a28011c5348c5f0b8f29d24e*99294d3ebc790cfc325cca851f56d433*9e3556d0775d0aa198060a815be7be4c58e1fe2a:5ffd0b24bd:iemuzqau
$oldoffice$3*1b085471a28011c5348c5f0b8f29d24e*99294d3ebc790cfc325cca851f56d433*9e3556d0775d0aa198060a815be7be4c58e1fe2a:5ffd0b24bd:cvsfjkwoa
$oldoffice$3*1b085471a28011c5348c5f0b8f29d24e*99294d3ebc790cfc325cca851f56d433*9e3556d0775d0aa198060a815be7be4c58e1fe2a:5ffd0b24bd:yrmbatnya
$oldoffice$3*1b085471a28011c5348c5f0b8f29d24e*99294d3ebc790cfc325cca851f56d433*9e3556d0775d0aa198060a815be7be4c58e1fe2a:5ffd0b24bd:mzvmxmyke
...
The mode 9820 is a mode that "keeps cracking". That is, it will not stop outputting valid passwords after the first match. This behaviour was changed recently so you might have to specify --keep-guessing on your command line, depending on the version that you use.
That does not explain why your password is not accepted by PowerPoint as only valid candidates should be generated by hashcat. But maybe you can use the described workflow to generate additional valid passwords and try them.
edited Jun 18 at 19:12
Michael
1,22713 silver badges27 bronze badges
answered Jun 16 at 11:31
DenisDenis
3,4232 gold badges14 silver badges15 bronze badges
33
I must be missing something, but shouldn’t a collision work the same as the original password?
– nadavvadan
Jun 17 at 20:26
44
@nadavvadan: Not sure if PPT works that way, but in general, no. If the software encrypts the whole file with the original password, and stores the hash just for verification purposes, then it'll accept anything that matches the hash, but decrypting the file with anything but the real password will yield unreadable garbage.
– Guntram Blohm
Jun 17 at 21:58
33
I was missing the obvious - there’s a hash collision, but there’s also encryption involved which obviously uses a different algorithm; the collision only applies for the hash function.
– nadavvadan
Jun 18 at 4:09
9
Ok, so if this is the case, what's the point of the hash at all? Couldn't it just go straight to decrypting and decide (i.e. depending on valid header data) if the password was right or not? I mean, this appears to be the case if a valid password for a given hash does not work. So why's there a hash in the first place?
– Num Lock
Jun 18 at 4:59
21
@NumLock The most important reason is probably UX. Relying on looking at whether your decrypted data looks valid or corrupt to tell if you were given a correct password makes it impossible to distinguish between the user providing an incorrect password and providing a correct password to a corrupt or truncated file. Consequently, it means that you can't tell the user which of those things has happened; you just have to report to them that either they provided the wrong password or the file is corrupt, which is a crappy experience for the user. Office's approach solves that problem.
– Mark Amery
Jun 18 at 11:35
|
show 10 more comments
The password hashes for MS Office 97-2003 are vulnerable to collision attacks. That is, multiple passwords exist that should be able to open the document.
That also means that the password "iemuzqau" is not necessarily the original password that was set by the author. It is just one of the passwords that should be accepted, because it matches the internal scheme to check for the correct password.
For the $3 type hash that you got, the hashcat methods 9810 and 9820 can be used to create password candidates faster than raw brute-force (mode 9800).
According to the linked thread that should work by first executing the following command:
hashcat64.exe -m 9810 -w 3 s.hash -o hash.rc4 -a 3 ?b?b?b?b?b
The output will be something like:
$oldoffice$3*1b085471a28011c5348c5f0b8f29d24e*99294d3ebc790cfc325cca851f56d433*9e3556d0775d0aa198060a815be7be4c58e1fe2a:5ffd0b24bd
Then you take the output of that command and execute:
hashcat64.exe -m 9820 -w 3 hash.rc4 -a 3 ?l?l?l?l?l?l?l?l?l?l --increment
This will then produce the following output:
$oldoffice$3*1b085471a28011c5348c5f0b8f29d24e*99294d3ebc790cfc325cca851f56d433*9e3556d0775d0aa198060a815be7be4c58e1fe2a:5ffd0b24bd:iemuzqau
$oldoffice$3*1b085471a28011c5348c5f0b8f29d24e*99294d3ebc790cfc325cca851f56d433*9e3556d0775d0aa198060a815be7be4c58e1fe2a:5ffd0b24bd:cvsfjkwoa
$oldoffice$3*1b085471a28011c5348c5f0b8f29d24e*99294d3ebc790cfc325cca851f56d433*9e3556d0775d0aa198060a815be7be4c58e1fe2a:5ffd0b24bd:yrmbatnya
$oldoffice$3*1b085471a28011c5348c5f0b8f29d24e*99294d3ebc790cfc325cca851f56d433*9e3556d0775d0aa198060a815be7be4c58e1fe2a:5ffd0b24bd:mzvmxmyke
...
The mode 9820 is a mode that "keeps cracking". That is, it will not stop outputting valid passwords after the first match. This behaviour was changed recently so you might have to specify --keep-guessing on your command line, depending on the version that you use.
That does not explain why your password is not accepted by PowerPoint as only valid candidates should be generated by hashcat. But maybe you can use the described workflow to generate additional valid passwords and try them.
edited Jun 18 at 19:12
Michael
1,22713 silver badges27 bronze badges
answered Jun 16 at 11:31
DenisDenis
3,4232 gold badges14 silver badges15 bronze badges
33
I must be missing something, but shouldn’t a collision work the same as the original password?
– nadavvadan
Jun 17 at 20:26
44
@nadavvadan: Not sure if PPT works that way, but in general, no. If the software encrypts the whole file with the original password, and stores the hash just for verification purposes, then it'll accept anything that matches the hash, but decrypting the file with anything but the real password will yield unreadable garbage.
– Guntram Blohm
Jun 17 at 21:58
33
I was missing the obvious - there’s a hash collision, but there’s also encryption involved which obviously uses a different algorithm; the collision only applies for the hash function.
– nadavvadan
Jun 18 at 4:09
9
Ok, so if this is the case, what's the point of the hash at all? Couldn't it just go straight to decrypting and decide (i.e. depending on valid header data) if the password was right or not? I mean, this appears to be the case if a valid password for a given hash does not work. So why's there a hash in the first place?
– Num Lock
Jun 18 at 4:59
21
@NumLock The most important reason is probably UX. Relying on looking at whether your decrypted data looks valid or corrupt to tell if you were given a correct password makes it impossible to distinguish between the user providing an incorrect password and providing a correct password to a corrupt or truncated file. Consequently, it means that you can't tell the user which of those things has happened; you just have to report to them that either they provided the wrong password or the file is corrupt, which is a crappy experience for the user. Office's approach solves that problem.
– Mark Amery
Jun 18 at 11:35
|
show 10 more comments
The password hashes for MS Office 97-2003 are vulnerable to collision attacks. That is, multiple passwords exist that should be able to open the document.
That also means that the password "iemuzqau" is not necessarily the original password that was set by the author. It is just one of the passwords that should be accepted, because it matches the internal scheme to check for the correct password.
For the $3 type hash that you got, the hashcat methods 9810 and 9820 can be used to create password candidates faster than raw brute-force (mode 9800).
According to the linked thread that should work by first executing the following command:
hashcat64.exe -m 9810 -w 3 s.hash -o hash.rc4 -a 3 ?b?b?b?b?b
The output will be something like:
$oldoffice$3*1b085471a28011c5348c5f0b8f29d24e*99294d3ebc790cfc325cca851f56d433*9e3556d0775d0aa198060a815be7be4c58e1fe2a:5ffd0b24bd
Then you take the output of that command and execute:
hashcat64.exe -m 9820 -w 3 hash.rc4 -a 3 ?l?l?l?l?l?l?l?l?l?l --increment
This will then produce the following output:
$oldoffice$3*1b085471a28011c5348c5f0b8f29d24e*99294d3ebc790cfc325cca851f56d433*9e3556d0775d0aa198060a815be7be4c58e1fe2a:5ffd0b24bd:iemuzqau
$oldoffice$3*1b085471a28011c5348c5f0b8f29d24e*99294d3ebc790cfc325cca851f56d433*9e3556d0775d0aa198060a815be7be4c58e1fe2a:5ffd0b24bd:cvsfjkwoa
$oldoffice$3*1b085471a28011c5348c5f0b8f29d24e*99294d3ebc790cfc325cca851f56d433*9e3556d0775d0aa198060a815be7be4c58e1fe2a:5ffd0b24bd:yrmbatnya
$oldoffice$3*1b085471a28011c5348c5f0b8f29d24e*99294d3ebc790cfc325cca851f56d433*9e3556d0775d0aa198060a815be7be4c58e1fe2a:5ffd0b24bd:mzvmxmyke
...
The mode 9820 is a mode that "keeps cracking". That is, it will not stop outputting valid passwords after the first match. This behaviour was changed recently so you might have to specify --keep-guessing on your command line, depending on the version that you use.
That does not explain why your password is not accepted by PowerPoint as only valid candidates should be generated by hashcat. But maybe you can use the described workflow to generate additional valid passwords and try them.
edited Jun 18 at 19:12
Michael
1,22713 silver badges27 bronze badges
answered Jun 16 at 11:31
DenisDenis
3,4232 gold badges14 silver badges15 bronze badges
The password hashes for MS Office 97-2003 are vulnerable to collision attacks. That is, multiple passwords exist that should be able to open the document.
That also means that the password "iemuzqau" is not necessarily the original password that was set by the author. It is just one of the passwords that should be accepted, because it matches the internal scheme to check for the correct password.
For the $3 type hash that you got, the hashcat methods 9810 and 9820 can be used to create password candidates faster than raw brute-force (mode 9800).
According to the linked thread that should work by first executing the following command:
hashcat64.exe -m 9810 -w 3 s.hash -o hash.rc4 -a 3 ?b?b?b?b?b
The output will be something like:
$oldoffice$3*1b085471a28011c5348c5f0b8f29d24e*99294d3ebc790cfc325cca851f56d433*9e3556d0775d0aa198060a815be7be4c58e1fe2a:5ffd0b24bd
Then you take the output of that command and execute:
hashcat64.exe -m 9820 -w 3 hash.rc4 -a 3 ?l?l?l?l?l?l?l?l?l?l --increment
This will then produce the following output:
$oldoffice$3*1b085471a28011c5348c5f0b8f29d24e*99294d3ebc790cfc325cca851f56d433*9e3556d0775d0aa198060a815be7be4c58e1fe2a:5ffd0b24bd:iemuzqau
$oldoffice$3*1b085471a28011c5348c5f0b8f29d24e*99294d3ebc790cfc325cca851f56d433*9e3556d0775d0aa198060a815be7be4c58e1fe2a:5ffd0b24bd:cvsfjkwoa
$oldoffice$3*1b085471a28011c5348c5f0b8f29d24e*99294d3ebc790cfc325cca851f56d433*9e3556d0775d0aa198060a815be7be4c58e1fe2a:5ffd0b24bd:yrmbatnya
$oldoffice$3*1b085471a28011c5348c5f0b8f29d24e*99294d3ebc790cfc325cca851f56d433*9e3556d0775d0aa198060a815be7be4c58e1fe2a:5ffd0b24bd:mzvmxmyke
...
The mode 9820 is a mode that "keeps cracking". That is, it will not stop outputting valid passwords after the first match. This behaviour was changed recently so you might have to specify --keep-guessing on your command line, depending on the version that you use.
That does not explain why your password is not accepted by PowerPoint as only valid candidates should be generated by hashcat. But maybe you can use the described workflow to generate additional valid passwords and try them.
edited Jun 18 at 19:12
Michael
1,22713 silver badges27 bronze badges
answered Jun 16 at 11:31
DenisDenis
3,4232 gold badges14 silver badges15 bronze badges
edited Jun 18 at 19:12
Michael
1,22713 silver badges27 bronze badges
edited Jun 18 at 19:12
Michael
1,22713 silver badges27 bronze badges
edited Jun 18 at 19:12
Michael
1,22713 silver badges27 bronze badges
1,22713 silver badges27 bronze badges
answered Jun 16 at 11:31
DenisDenis
3,4232 gold badges14 silver badges15 bronze badges
answered Jun 16 at 11:31
DenisDenis
3,4232 gold badges14 silver badges15 bronze badges
answered Jun 16 at 11:31
DenisDenis
3,4232 gold badges14 silver badges15 bronze badges
3,4232 gold badges14 silver badges15 bronze badges
33
I must be missing something, but shouldn’t a collision work the same as the original password?
– nadavvadan
Jun 17 at 20:26
44
@nadavvadan: Not sure if PPT works that way, but in general, no. If the software encrypts the whole file with the original password, and stores the hash just for verification purposes, then it'll accept anything that matches the hash, but decrypting the file with anything but the real password will yield unreadable garbage.
– Guntram Blohm
Jun 17 at 21:58
33
I was missing the obvious - there’s a hash collision, but there’s also encryption involved which obviously uses a different algorithm; the collision only applies for the hash function.
– nadavvadan
Jun 18 at 4:09
9
Ok, so if this is the case, what's the point of the hash at all? Couldn't it just go straight to decrypting and decide (i.e. depending on valid header data) if the password was right or not? I mean, this appears to be the case if a valid password for a given hash does not work. So why's there a hash in the first place?
– Num Lock
Jun 18 at 4:59
21
@NumLock The most important reason is probably UX. Relying on looking at whether your decrypted data looks valid or corrupt to tell if you were given a correct password makes it impossible to distinguish between the user providing an incorrect password and providing a correct password to a corrupt or truncated file. Consequently, it means that you can't tell the user which of those things has happened; you just have to report to them that either they provided the wrong password or the file is corrupt, which is a crappy experience for the user. Office's approach solves that problem.
– Mark Amery
Jun 18 at 11:35
|
show 10 more comments
33
I must be missing something, but shouldn’t a collision work the same as the original password?
– nadavvadan
Jun 17 at 20:26
44
@nadavvadan: Not sure if PPT works that way, but in general, no. If the software encrypts the whole file with the original password, and stores the hash just for verification purposes, then it'll accept anything that matches the hash, but decrypting the file with anything but the real password will yield unreadable garbage.
– Guntram Blohm
Jun 17 at 21:58
33
I was missing the obvious - there’s a hash collision, but there’s also encryption involved which obviously uses a different algorithm; the collision only applies for the hash function.
– nadavvadan
Jun 18 at 4:09
9
Ok, so if this is the case, what's the point of the hash at all? Couldn't it just go straight to decrypting and decide (i.e. depending on valid header data) if the password was right or not? I mean, this appears to be the case if a valid password for a given hash does not work. So why's there a hash in the first place?
– Num Lock
Jun 18 at 4:59
21
@NumLock The most important reason is probably UX. Relying on looking at whether your decrypted data looks valid or corrupt to tell if you were given a correct password makes it impossible to distinguish between the user providing an incorrect password and providing a correct password to a corrupt or truncated file. Consequently, it means that you can't tell the user which of those things has happened; you just have to report to them that either they provided the wrong password or the file is corrupt, which is a crappy experience for the user. Office's approach solves that problem.
– Mark Amery
Jun 18 at 11:35
33
33
I must be missing something, but shouldn’t a collision work the same as the original password?
– nadavvadan
Jun 17 at 20:26
I must be missing something, but shouldn’t a collision work the same as the original password?
– nadavvadan
Jun 17 at 20:26
44
44
@nadavvadan: Not sure if PPT works that way, but in general, no. If the software encrypts the whole file with the original password, and stores the hash just for verification purposes, then it'll accept anything that matches the hash, but decrypting the file with anything but the real password will yield unreadable garbage.
– Guntram Blohm
Jun 17 at 21:58
@nadavvadan: Not sure if PPT works that way, but in general, no. If the software encrypts the whole file with the original password, and stores the hash just for verification purposes, then it'll accept anything that matches the hash, but decrypting the file with anything but the real password will yield unreadable garbage.
– Guntram Blohm
Jun 17 at 21:58
33
33
I was missing the obvious - there’s a hash collision, but there’s also encryption involved which obviously uses a different algorithm; the collision only applies for the hash function.
– nadavvadan
Jun 18 at 4:09
I was missing the obvious - there’s a hash collision, but there’s also encryption involved which obviously uses a different algorithm; the collision only applies for the hash function.
– nadavvadan
Jun 18 at 4:09
9
9
Ok, so if this is the case, what's the point of the hash at all? Couldn't it just go straight to decrypting and decide (i.e. depending on valid header data) if the password was right or not? I mean, this appears to be the case if a valid password for a given hash does not work. So why's there a hash in the first place?
– Num Lock
Jun 18 at 4:59
Ok, so if this is the case, what's the point of the hash at all? Couldn't it just go straight to decrypting and decide (i.e. depending on valid header data) if the password was right or not? I mean, this appears to be the case if a valid password for a given hash does not work. So why's there a hash in the first place?
– Num Lock
Jun 18 at 4:59
21
21
@NumLock The most important reason is probably UX. Relying on looking at whether your decrypted data looks valid or corrupt to tell if you were given a correct password makes it impossible to distinguish between the user providing an incorrect password and providing a correct password to a corrupt or truncated file. Consequently, it means that you can't tell the user which of those things has happened; you just have to report to them that either they provided the wrong password or the file is corrupt, which is a crappy experience for the user. Office's approach solves that problem.
– Mark Amery
Jun 18 at 11:35
@NumLock The most important reason is probably UX. Relying on looking at whether your decrypted data looks valid or corrupt to tell if you were given a correct password makes it impossible to distinguish between the user providing an incorrect password and providing a correct password to a corrupt or truncated file. Consequently, it means that you can't tell the user which of those things has happened; you just have to report to them that either they provided the wrong password or the file is corrupt, which is a crappy experience for the user. Office's approach solves that problem.
– Mark Amery
Jun 18 at 11:35
|
show 10 more comments
Thanks for contributing an answer to Information Security Stack Exchange!
- Please be sure to answer the question. Provide details and share your research!
But avoid …
- Asking for help, clarification, or responding to other answers.
- Making statements based on opinion; back them up with references or personal experience.
To learn more, see our tips on writing great answers.
Sign up or log in
StackExchange.ready(function ()
StackExchange.helpers.onClickDraftSave('#login-link');
);
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
StackExchange.ready(
function ()
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fsecurity.stackexchange.com%2fquestions%2f211918%2fi-found-a-password-with-hashcat-but-it-doesnt-work%23new-answer', 'question_page');
);
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function ()
StackExchange.helpers.onClickDraftSave('#login-link');
);
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function ()
StackExchange.helpers.onClickDraftSave('#login-link');
);
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function ()
StackExchange.helpers.onClickDraftSave('#login-link');
);
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
11
Could you comment on the accepted answer what’s the solution for you was? Did any of the other passwords worked?
– eckes
Jun 17 at 9:13
3
i'm still cracking a working password i'm using the '?l?d_-.:;!' charset
– Fabius
Jun 17 at 9:31