
Using hashcat with a GPU on Windows to crack an Excel open password

Required software

1. hashcat: https://hashcat.net
2. John the Ripper: https://www.openwall.com

Extracting the hash from the encrypted Excel file

PS G:\dl\john-1.9.0-jumbo-1-win64\john-1.9.0-jumbo-1-win64\run> python .\office2john.py .\test6.xlsx
test6.xlsx:$office$*2007*20*128*16*84626bdea7e63ec8ca1144a4ea3f03f2*cda0e47886401e4baebaa35745788f2c*0fa2f3ce6ce73c772909713c130092e9c7758cf0
PS G:\dl\john-1.9.0-jumbo-1-win64\john-1.9.0-jumbo-1-win64\run>

Hash modes for each Office encryption version

Office 97-03 (MD5 + RC4, $oldoffice$0, $oldoffice$1): -m 9700
Office 97-03 ($0/$1, MD5 + RC4, collider #1): -m 9710
Office 97-03 ($0/$1, MD5 + RC4, collider #2): -m 9720
Office 97-03 ($3/$4, SHA1 + RC4): -m 9800
Office 97-03 ($3, SHA1 + RC4, collider #1): -m 9810
Office 97-03 ($3, SHA1 + RC4, collider #2): -m 9820
Office 2007: -m 9400
Office 2010: -m 9500
Office 2013: -m 9600

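Mask notes

Mask attack over 1 to 8 digits:
-a 3 --increment --increment-min 1 --increment-max 8 ?d?d?d?d?d?d?d?d -O
?d stands for a digit. It can be replaced with ?l (lowercase letters), ?u (uppercase letters), ?s (special characters), or ?a (upper- and lowercase letters plus special characters). -O enables the optimized cracking mode; the flag is optional.
Reference: https://cloud.tencent.com/developer/article/1688161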

PS G:\dl\hashcat-7.0.0\hashcat-7.0.0> ./hashcat.exe -m 9400   '$office$*2007*20*128*16*84626bdea7e63ec8ca1144a4ea3f03f2*cda0e47886401e4baebaa35745788f2c*0fa2f3ce6ce73c772909713c130092e9c7758cf0'  -a 3 ?u?l?l?d?d?d -w 3 -o output.txt
hashcat (v7.0.0) starting

CUDA API (CUDA 13.0)
====================
* Device #01: NVIDIA GeForce RTX 3090 Ti, 23285/24563 MB, 84MCU

OpenCL API (OpenCL 3.0 CUDA 13.0.78) - Platform #1 [NVIDIA Corporation]
=======================================================================
* Device #02: NVIDIA GeForce RTX 3090 Ti, skipped

Minimum password length supported by kernel: 0
Maximum password length supported by kernel: 256
Minimum salt length supported by kernel: 0
Maximum salt length supported by kernel: 256

Hashes: 1 digests; 1 unique digests, 1 unique salts
Bitmaps: 16 bits, 65536 entries, 0x0000ffff mask, 262144 bytes, 5/13 rotates

Optimizers applied:
* Zero-Byte
* Single-Hash
* Single-Salt
* Brute-Force
* Slow-Hash-SIMD-LOOP

Watchdog: Temperature abort trigger set to 90c

Host memory allocated for this attack: 7127 MB (111283 MB free)

The wordlist or mask that you are using is too small.
This means that hashcat cannot use the full parallel power of your device(s).
Hashcat is expecting at least 1978368 base words but only got 34.2% of that.
Unless you supply more work, your cracking speed will drop.
For tips on supplying more work, see: https://hashcat.net/faq/morework

Approaching final keyspace - workload adjusted.

Session..........: hashcat
Status...........: Cracked
Hash.Mode........: 9400 (MS Office 2007)
Hash.Target......: $office$*2007*20*128*16*84626bdea7e63ec8ca1144a4ea3...758cf0
Time.Started.....: Fri Aug 15 20:55:02 2025 (7 secs)
Time.Estimated...: Fri Aug 15 20:55:09 2025 (0 secs)
Kernel.Feature...: Pure Kernel (password length 0-256 bytes)
Guess.Mask.......: ?u?l?l?d?d?d [6]
Guess.Queue......: 1/1 (100.00%)
Speed.#01........:   403.7 kH/s (33.43ms) @ Accel:23 Loops:1000 Thr:1024 Vec:1
Recovered........: 1/1 (100.00%) Digests (total), 1/1 (100.00%) Digests (new)
Progress.........: 2704000/17576000 (15.38%)
Rejected.........: 0/2704000 (0.00%)
Restore.Point....: 0/676000 (0.00%)
Restore.Sub.#01..: Salt:0 Amplifier:3-4 Iteration:49000-50000
Candidate.Engine.: Device Generator
Candidates.#01...: Aar123 -> Aqx849
Hardware.Mon.#01.: Temp: 70c Fan: 47% Util:100% Core:2040MHz Mem:10251MHz Bus:16

Started: Fri Aug 15 20:54:57 2025
Stopped: Fri Aug 15 20:55:10 2025
PS G:\dl\hashcat-7.0.0\hashcat-7.0.0> dir

The recovered password is Asw352.

PS G:\dl\hashcat-7.0.0\hashcat-7.0.0> more  output.txt
$office$*2007*20*128*16*84626bdea7e63ec8ca1144a4ea3f03f2*cda0e47886401e4baebaa35745788f2c*0fa2f3ce6ce73c772909713c130092e9c7758cf0:Asw352
PS G:\dl\hashcat-7.0.0\hashcat-7.0.0>

Trying a 9-character password

PS G:\dl\hashcat-7.0.0\hashcat-7.0.0> ./hashcat.exe -m 9400   '$office$*2007*20*128*16*101eeac7b750ed0057405812bdbacdf2*6d7433919b8434bfb54355e8768d82e4*e23ba6d66a2740e0cb910aecf4db20eed123166c'  -a 3 ?u?l?l?d?d?d?d?d?d -w 3 -o output.txt
hashcat (v7.0.0) starting

CUDA API (CUDA 13.0)
====================
* Device #01: NVIDIA GeForce RTX 3090 Ti, 23285/24563 MB, 84MCU

OpenCL API (OpenCL 3.0 CUDA 13.0.78) - Platform #1 [NVIDIA Corporation]
=======================================================================
* Device #02: NVIDIA GeForce RTX 3090 Ti, skipped

Minimum password length supported by kernel: 0
Maximum password length supported by kernel: 256
Minimum salt length supported by kernel: 0
Maximum salt length supported by kernel: 256

Hashes: 1 digests; 1 unique digests, 1 unique salts
Bitmaps: 16 bits, 65536 entries, 0x0000ffff mask, 262144 bytes, 5/13 rotates

Optimizers applied:
* Zero-Byte
* Single-Hash
* Single-Salt
* Brute-Force
* Slow-Hash-SIMD-LOOP

Watchdog: Temperature abort trigger set to 90c

Host memory allocated for this attack: 7127 MB (110906 MB free)

[s]tatus [p]ause [b]ypass [c]heckpoint [f]inish [q]uit =>

Session..........: hashcat
Status...........: Running
Hash.Mode........: 9400 (MS Office 2007)
Hash.Target......: $office$*2007*20*128*16*101eeac7b750ed0057405812bdb...23166c
Time.Started.....: Fri Aug 15 20:49:38 2025 (21 secs)
Time.Estimated...: Sat Aug 16 08:32:01 2025 (11 hours, 42 mins)
Kernel.Feature...: Pure Kernel (password length 0-256 bytes)
Guess.Mask.......: ?u?l?l?d?d?d?d?d?d [9]
Guess.Queue......: 1/1 (100.00%)
Speed.#01........:   417.1 kH/s (95.00ms) @ Accel:46 Loops:1000 Thr:512 Vec:1
Recovered........: 0/1 (0.00%) Digests (total), 0/1 (0.00%) Digests (new)
Progress.........: 7913472/17576000000 (0.05%)
Rejected.........: 0/7913472 (0.00%)
Restore.Point....: 0/676000000 (0.00%)
Restore.Sub.#01..: Salt:0 Amplifier:4-5 Iteration:27000-28000
Candidate.Engine.: Device Generator
Candidates.#01...: Car123123 -> Cow709789
Hardware.Mon.#01.: Temp: 83c Fan: 64% Util:100% Core:2010MHz Mem:10251MHz Bus:16

For an Excel 2013 file, the estimated time increases to more than 6 days.

Host memory allocated for this attack: 4430 MB (111122 MB free)

[s]tatus [p]ause [b]ypass [c]heckpoint [f]inish [q]uit =>

Session..........: hashcat
Status...........: Running
Hash.Mode........: 9600 (MS Office 2013)
Hash.Target......: $office$*2013*100000*256*16*78632c4de53ac0308cd1a54...db2dd8
Time.Started.....: Fri Aug 15 21:10:42 2025 (9 secs)
Time.Estimated...: Fri Aug 22 09:05:57 2025 (6 days, 11 hours)
Kernel.Feature...: Pure Kernel (password length 0-256 bytes)
Guess.Mask.......: ?u?l?l?d?d?d?d?d?d [9]
Guess.Queue......: 1/1 (100.00%)
Speed.#01........:    31312 H/s (10.38ms) @ Accel:4 Loops:250 Thr:384 Vec:1
Recovered........: 0/1 (0.00%) Digests (total), 0/1 (0.00%) Digests (new)
Progress.........: 258048/17576000000 (0.00%)
Rejected.........: 0/258048 (0.00%)
Restore.Point....: 0/676000000 (0.00%)
Restore.Sub.#01..: Salt:0 Amplifier:2-3 Iteration:3250-3500
Candidate.Engine.: Device Generator
Candidates.#01...: Bar123123 -> Byy166789
Hardware.Mon.#01.: Temp: 70c Fan: 46% Util: 99% Core:2040MHz Mem:10251MHz Bus:16
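
The Progress totals and Time.Estimated values in the three runs above follow directly from the mask's keyspace and the reported hash rate. The Python sketch below is an added example, not part of the original post; its function names are hypothetical and the speeds are the ones shown in the status output. It shows how each extra mask position and the slower Office 2013 key derivation lengthen the time a password withstands exhaustive search.

```python
import math
import re

# Sizes of hashcat's built-in charsets; ?a is ?l?u?d?s combined.
CHARSET_SIZE = {"l": 26, "u": 26, "d": 10, "s": 33, "a": 95}


def mask_positions(mask):
    """Number of candidate characters at each position of a mask."""
    sizes = []
    for token in re.findall(r"\?.|.", mask):
        if len(token) == 2 and token[1] != "?":
            if token[1] not in CHARSET_SIZE:
                raise ValueError(f"unsupported charset: {token}")
            sizes.append(CHARSET_SIZE[token[1]])
        else:
            sizes.append(1)  # literal character ("??" is a literal "?")
    return sizes


def keyspace(mask, increment_min=None, increment_max=None):
    """Total candidates; with increment, sum over each prefix length."""
    sizes = mask_positions(mask)
    if increment_min is None:
        lengths = [len(sizes)]
    else:
        top = min(increment_max or len(sizes), len(sizes))
        lengths = range(increment_min, top + 1)
    return sum(math.prod(sizes[:n]) for n in lengths)


def worst_case(mask, hashes_per_second):
    """(days, hours, minutes) needed to exhaust the whole mask."""
    seconds = int(keyspace(mask) / hashes_per_second)
    days, rem = divmod(seconds, 86400)
    hours, rem = divmod(rem, 3600)
    return days, hours, rem // 60


if __name__ == "__main__":
    nine = "?u?l?l?d?d?d?d?d?d"
    print("6-char keyspace:", keyspace("?u?l?l?d?d?d"))
    print("9-char keyspace:", keyspace(nine))
    # Speeds taken from the Speed.#01 lines in the runs above.
    print("Office 2007 at 417.1 kH/s:", worst_case(nine, 417_100))
    print("Office 2013 at 31312 H/s:", worst_case(nine, 31_312))
    print("1-8 digits, increment:", keyspace("?d" * 8, 1, 8))
```
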