Skip to content

Instantly share code, notes, and snippets.

@fernandodev

fernandodev/recover_word_password.md

Last active November 9, 2019 14:49
Show Gist options
  • Save fernandodev/24073e39ad28e38785adeab5970d1835 to your computer and use it in GitHub Desktop.
Save fernandodev/24073e39ad28e38785adeab5970d1835 to your computer and use it in GitHub Desktop.
Download ZIP
Raw
recover_word_password.md

How to recover lost M$ Word password

After a lot of investiment researching and building scripts to crack an old word file I've lost the password, finally I found the final guide for it:

In Short

$ python3 office2hashcat.py wordfile.doc > hashcat.txt
$ hashcat -m 9700 -a 3 hashcat.txt -i "?a?a?a?a?a?a"

How does it work?

Understanding

Thanks to atom, this was not a hard task. Here is everything explained step-by-step: https://hashcat.net/forum/thread-3665.html So, you will see that MS Word uses RC4 + MD5 for mode $0 and $1 and RC4 + SHA1 for mode $3 and $4. RC4 = algo used for encryption. SHA1 = hash function. MD5 = hash function. So, you will use RC4 and MD5 or SHA1. Where you find this $0, $1, $3, $4? It is the first part of hash extracted with office2hashcat.py (https://github.com/stricture/hashstack-s...hashcat.py) Eg. of extracted hash: $oldoffice$1d6aabb63363188b9b73a88efb9c9152eafbbb9254764273f8f4fad9a5d82981f*6f09fd2eafc4ade522b5f2bee0eaf66d (https://hashcat.net/forum/thread-3665.html) As you can see, after the word old office, we have $1, so, this hash uses RC4 + MD5.

Extracted hash

The extracted hash have this fields:

  1. Kind of encryption scheme used ($1, $2, $3, $4)
  2. Salt => what are between 1 and 2 asterisk => d6aabb63363188b9b73a88efb9c9152e
  3. EncryptedVerifier => what are between 2 and 3 asterisk => afbbb9254764273f8f4fad9a5d82981f
  4. EncryptedVerifierHash => what are after 3 asterisk => 6f09fd2eafc4ade522b5f2bee0eaf66d

Using Hashcat

After understanding how to do it manually, lets do it with hashcat. First create a file and save this inside: $oldoffice$1d6aabb63363188b9b73a88efb9c9152eafbbb9254764273f8f4fad9a5d82981f*6f09fd2eafc4ade522b5f2bee0eaf66d Now, we will understand the hashcat modes that you can use: -m 9700 = find a password -m 9710 = crack the RC4 key -m 9720 = collide the RC4 key with a candidate password

So, we can do this path hashcat -m 9700 -a 3 <file.hash> -i ?a?a?a?a?a?a => you will try to find a valid password to open the file. This mode will do the something that mode -m 9710 plus -m 9720 hashcat -m 9710 -a 3 --hex-charset ?b?b?b?b?b => this will recover the RC4 key only, not the password. hashcat -m 9720 -a 3 <file.rc4> -I ?a?a?a?a?a?a => this will try to find a password from the RC4 key.

Inside <file.hash> $oldoffice$1d6aabb63363188b9b73a88efb9c9152eafbbb9254764273f8f4fad9a5d82981f6f09fd2eafc4ade522b5f2bee0eaf66d Inside <file.rc4>: $oldoffice$1d6aabb63363188b9b73a88efb9c9152eafbbb9254764273f8f4fad9a5d82981f6f09fd2eafc4ade522b5f2bee0eaf66d:f2ab1219ae

You do not have to use the 3 options; use only -m 9700 OR -m 9710 then -m 9720.

Conclusion

It took me 1 day and 1h to find a candidate password. That's awesome! Now I have my content written in 2008 back to live :)

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment