Products Openwall GNU/*/Linux   server OS Linux Kernel Runtime Guard John the Ripper   password cracker Free & Open Source for any platform in the cloud Pro for Linux Pro for macOS Wordlists   for password cracking passwdqc   policy enforcement Free & Open Source for Unix Pro for Windows (Active Directory) yescrypt   KDF & password hashing yespower   Proof-of-Work (PoW) crypt_blowfish   password hashing phpass   ditto in PHP tcb   better password shadowing Pluggable Authentication Modules scanlogd   port scan detector popa3d   tiny POP3 daemon blists   web interface to mailing lists msulogin   single user mode login php_mt_seed   mt_rand() cracker Services Publications Articles Presentations Resources Mailing lists Community wiki Source code repositories (GitHub) Source code repositories (CVSweb) File archive & mirrors How to verify digital signatures OVE IDs What's new

Date: Wed, 28 Apr 2021 14:39:08 +0200
From: magnum <john.magnum@...hmail.com>
To: john-users@...ts.openwall.com
Subject: Re: Extracting the hash from MS word

On 2021-04-28 01:31, Ian B wrote:
> On 27/04/2021 23:05 magnum penned these words:
>> On 2021-04-27 03:14, Ian B wrote:
>>> I am going through an old directory and binning/checking some old
>>> documents ~2005/6 there's a few encrypted word documents for which I
>>> have forgotten the password. I successfully recovered the hash and hence
>>> the password from a few with the office2john.py script. However, for two
>>> of them this fails with the following issue
>>>
>>> em1.doc : invalid keySize
>>> Traceback (most recent call last):
>>>     File "./office2john.py", line 3148, in <module>
>>>       ret = process_file(sys.argv[i].decode("utf8"))
>>>     File "./office2john.py", line 3109, in process_file
>>>       passinfo = find_rc4_passinfo_doc(filename, workbookStream)
>>>     File "./office2john.py", line 2553, in find_rc4_passinfo_doc
>>>       if typ == 3:
>>> UnboundLocalError: local variable 'typ' referenced before assignment

>> If latest code give you an error, we have a bug somewhere. If you're
>> willing to share one of those files with us (or just me, in private
>> email) we can have a look at it.
> 
> Yep it is the latest, to be sure I just grabbed the one form your link, 
> identical issue. I'll email you the document, I doubt after 15 years or 
> so it is of interest just trying to check before I scrap :D I spent way 
> too much time but now I am intrigued to know what it is and why it is 
> proving tough.

This is now https://github.com/openwall/john/issues/4705 on GitHub.

Ian, best would be if you could apply the patch I posted and re-build, 
then possibly crack at least one of your documents using whatever 
knowledge you might have about possible passwords. If we just get a 
notice you succeed with that, we can commit some permanent code for this.

Failing that, we'd probably need to install some old Windows and old 
(pre 2003) Word (or Office) in a virtual machine, fiddle with the 
registry to disable 40-bit RC4 and/or enable 56-bit and try to create a 
sample document with a known password.

magnum

Powered by blists - more mailing lists

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.