
Mycoursefree - Click - 001 Microsoft-Word-Password-Cracking-with-John

Office Password Cracking with John (Recover Word, Excel, PowerPoint Passwords). This document discusses how to crack the passwords of password-protected Office files using the John the Ripper password-cracking tool. It provides a 5-step process: 1) create a password-protected file and copy it to Kali Linux, 2) use office2john to extract the hash from the file, 3) crack the hash using John the Ripper, 4) check the cracked password, and 5) additional attacks (dictionary, mask and multi-process) that can be used with John to crack passwords more efficiently.

Uploaded by alrames262

Office Password Cracking with John
(Recover Word, Excel, PowerPoint Passwords)

John the Ripper (JTR) is one of the most popular password-cracking tools and is available in most penetration-testing Linux distributions, such as Kali Linux and Parrot OS. The tool has a user-friendly command-line interface and can detect most password hash types. This lesson will dive into John the Ripper, show you how it works, and explain why you need it for security testing.

CONCEPT
Step-1
• Get the hash from the Office file
Step-2
• Crack the hash with John

You must have Kali Linux installed in VMware or VirtualBox.

Step-1
• Prepare a password-protected Word file

Save the Word file in Windows, go to General Options and set the password.

Step-2
• Copy the file from the Windows machine to Kali

You can copy files directly to the VMware machine, or you can use a USB drive to transfer the file.

Step-3
• Get the hash of the document with the following command

office2john crackme2.docx > hash2.txt

Here:
• crackme2.docx is the password-protected file
• hash2.txt is the text file that will contain the hash to be cracked

Step-4
• Now crack the password with the following command

john hash2.txt

Here:
• hash2.txt is the file that contains the hash of the document file

By default, John first tries the single crack attack (which checks combinations of the file name as passwords), then the default dictionary, and then goes for brute force.

Step-5
• To check the cracked password

john --show hash2.txt

John Additional Attacks

Multi-Attack
• To run John faster by using multiple processes

john hash2.txt --fork=3

Here:
• --fork=3 tells John to create three processes for cracking passwords (useful on a multicore processor)

Dictionary Attack

• Use only the inbuilt dictionary file

john --wordlist hash2.txt

(This will use the inbuilt dictionary.)

Dictionary Attack
• To use the rockyou dictionary, uncompress the file and list the directory to confirm it is there

gunzip /usr/share/wordlists/rockyou.txt.gz
ls /usr/share/wordlists/

Dictionary Attack

• To use the rockyou.txt dictionary file

john --wordlist="/usr/share/wordlists/rockyou.txt" hash.txt

Here:
• /usr/share/wordlists/rockyou.txt is the dictionary
• hash.txt is the hash we are aiming to crack

Mask Attack
• If you know the number of digits or the type of password, you can use the mask attack

john --mask='?d?d?d' hash2.txt

Here:
• ?d tells John that the position is a digit.
• ?d?d?d will check all combinations of 3 digits.
• You can specify ?l for lower-case characters or ?u for upper-case characters.
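
An added example, not part of the original slides: the size of the search space a mask covers, which shows why a three-digit password on a protected document offers almost no resistance. It handles only the ?d, ?l and ?u placeholders named above, and the function names are illustrative.

```python
# Added example (not from the slides): size of the search space a mask describes.
import string
from itertools import product

# Only the three placeholders named on the slide are handled here.
CLASSES = {
    "d": string.digits,           # ?d  digit
    "l": string.ascii_lowercase,  # ?l  lower-case letter
    "u": string.ascii_uppercase,  # ?u  upper-case letter
}


def parse_mask(mask):
    """Return one character set per password position."""
    positions, i = [], 0
    while i < len(mask):
        if mask[i] == "?":
            key = mask[i + 1:i + 2]  # empty string if the mask ends with '?'
            if key not in CLASSES:
                raise ValueError(f"unsupported placeholder at offset {i}: ?{key}")
            positions.append(CLASSES[key])
            i += 2
        else:
            positions.append(mask[i])  # any other character stands for itself
            i += 1
    return positions


def keyspace(mask):
    """Number of candidate passwords the mask generates."""
    total = 1
    for charset in parse_mask(mask):
        total *= len(charset)
    return total


def candidates(mask):
    """Yield every candidate in order; only sensible for small keyspaces."""
    for combo in product(*parse_mask(mask)):
        yield "".join(combo)


def covered(mask, password):
    """True if the password falls inside the mask's search space."""
    positions = parse_mask(mask)
    return len(password) == len(positions) and all(
        ch in charset for ch, charset in zip(password, positions))


if __name__ == "__main__":
    for mask in ("?d?d?d", "?l?l?l?l?l?l", "?u?l?l?l?l?d?d"):
        print(f"{mask:16} {keyspace(mask):>13,} candidates")
```

Each extra position multiplies the keyspace by the size of its character set, so length and mixed character classes are what push a document password out of reach of a mask run.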

Mask Attack

• To clear John's cache and remove saved passwords

find -name "john.pot"
rm ./.john/john.pot


Additional Resources

Best alternate wordlist collections:

• https://weakpass.com/
• https://github.com/danielmiessler/SecLists/tree/master/Passwords/WiFi-WPA
• https://labs.nettitude.com/blog/rocktastic/
• https://github.com/kennyn510/wpa2-wordlists
