windows下hashcat使用gpu破解execl打开密码

weixin_446260852025-08-16 13:00

需要的软件

1.hashcat :https://hashcat.net

2.john the ripper :https://www.openwall.com

获取execl加密文件的Hash

bash 复制代码 
PS G:\dl\john-1.9.0-jumbo-1-win64\john-1.9.0-jumbo-1-win64\run> python .\office2john.py .\test6.xlsx
test6.xlsx:$office$*2007*20*128*16*84626bdea7e63ec8ca1144a4ea3f03f2*cda0e47886401e4baebaa35745788f2c*0fa2f3ce6ce73c772909713c130092e9c7758cf0
PS G:\dl\john-1.9.0-jumbo-1-win64\john-1.9.0-jumbo-1-win64\run>

Office 加密 Offcie 版本对应哈希类型

Office97-03(MD5+RC4,oldoffice0,oldoffice1):-m 9700

Office97-03(0/1, MD5 + RC4, collider #1):-m 9710

Office97-03(0/1, MD5 + RC4, collider #2):-m 9720

Office97-03(3/4, SHA1 + RC4):-m 9800

Office97-03($3, SHA1 + RC4, collider #1):-m9810

Office97-03($3, SHA1 + RC4, collider #2):-m9820

Office2007:-m 9400

Office2010:-m 9500

Office2013:-m 9600

掩码说明

(2)1到8为数字掩码攻击

-a 3 --increment --increment-min 1--increment-max 8 ?d?d?d?d?d?d?d?d --O

?d代表数字,可以换成小写字母?l,大写字母?u,特殊字符?s,大小写字母+特殊字符?a,--O表示最优化破解模式,可以加该参数,也可以不加该参数。

https://cloud.tencent.com/developer/article/1688161

bash 复制代码 
PS G:\dl\hashcat-7.0.0\hashcat-7.0.0> ./hashcat.exe -m 9400   '$office$*2007*20*128*16*84626bdea7e63ec8ca1144a4ea3f03f2*cda0e47886401e4baebaa35745788f2c*0fa2f3ce6ce73c772909713c130092e9c7758cf0'  -a 3 ?u?l?l?d?d?d -w 3 -o output.txt
hashcat (v7.0.0) starting

CUDA API (CUDA 13.0)
====================
* Device #01: NVIDIA GeForce RTX 3090 Ti, 23285/24563 MB, 84MCU

OpenCL API (OpenCL 3.0 CUDA 13.0.78) - Platform #1 [NVIDIA Corporation]
=======================================================================
* Device #02: NVIDIA GeForce RTX 3090 Ti, skipped

Minimum password length supported by kernel: 0
Maximum password length supported by kernel: 256
Minimum salt length supported by kernel: 0
Maximum salt length supported by kernel: 256

Hashes: 1 digests; 1 unique digests, 1 unique salts
Bitmaps: 16 bits, 65536 entries, 0x0000ffff mask, 262144 bytes, 5/13 rotates

Optimizers applied:
* Zero-Byte
* Single-Hash
* Single-Salt
* Brute-Force
* Slow-Hash-SIMD-LOOP

Watchdog: Temperature abort trigger set to 90c

Host memory allocated for this attack: 7127 MB (111283 MB free)

The wordlist or mask that you are using is too small.
This means that hashcat cannot use the full parallel power of your device(s).
Hashcat is expecting at least 1978368 base words but only got 34.2% of that.
Unless you supply more work, your cracking speed will drop.
For tips on supplying more work, see: https://hashcat.net/faq/morework

Approaching final keyspace - workload adjusted.


Session..........: hashcat
Status...........: Cracked
Hash.Mode........: 9400 (MS Office 2007)
Hash.Target......: $office$*2007*20*128*16*84626bdea7e63ec8ca1144a4ea3...758cf0
Time.Started.....: Fri Aug 15 20:55:02 2025 (7 secs)
Time.Estimated...: Fri Aug 15 20:55:09 2025 (0 secs)
Kernel.Feature...: Pure Kernel (password length 0-256 bytes)
Guess.Mask.......: ?u?l?l?d?d?d [6]
Guess.Queue......: 1/1 (100.00%)
Speed.#01........:   403.7 kH/s (33.43ms) @ Accel:23 Loops:1000 Thr:1024 Vec:1
Recovered........: 1/1 (100.00%) Digests (total), 1/1 (100.00%) Digests (new)
Progress.........: 2704000/17576000 (15.38%)
Rejected.........: 0/2704000 (0.00%)
Restore.Point....: 0/676000 (0.00%)
Restore.Sub.#01..: Salt:0 Amplifier:3-4 Iteration:49000-50000
Candidate.Engine.: Device Generator
Candidates.#01...: Aar123 -> Aqx849
Hardware.Mon.#01.: Temp: 70c Fan: 47% Util:100% Core:2040MHz Mem:10251MHz Bus:16

Started: Fri Aug 15 20:54:57 2025
Stopped: Fri Aug 15 20:55:10 2025
PS G:\dl\hashcat-7.0.0\hashcat-7.0.0> dir

得到密码Asw352

bash 复制代码 
PS G:\dl\hashcat-7.0.0\hashcat-7.0.0> more  output.txt
$office$*2007*20*128*16*84626bdea7e63ec8ca1144a4ea3f03f2*cda0e47886401e4baebaa35745788f2c*0fa2f3ce6ce73c772909713c130092e9c7758cf0:Asw352

PS G:\dl\hashcat-7.0.0\hashcat-7.0.0>

尝试破解9位的密码

bash 复制代码 
PS G:\dl\hashcat-7.0.0\hashcat-7.0.0> ./hashcat.exe -m 9400   '$office$*2007*20*128*16*101eeac7b750ed0057405812bdbacdf2*6d7433919b8434bfb54355e8768d82e4*e23ba6d66a2740e0cb910aecf4db20eed123166c'  -a 3 ?u?l?l?d?d?d?d?d?d -w 3 -o output.txt
hashcat (v7.0.0) starting

CUDA API (CUDA 13.0)
====================
* Device #01: NVIDIA GeForce RTX 3090 Ti, 23285/24563 MB, 84MCU

OpenCL API (OpenCL 3.0 CUDA 13.0.78) - Platform #1 [NVIDIA Corporation]
=======================================================================
* Device #02: NVIDIA GeForce RTX 3090 Ti, skipped

Minimum password length supported by kernel: 0
Maximum password length supported by kernel: 256
Minimum salt length supported by kernel: 0
Maximum salt length supported by kernel: 256

Hashes: 1 digests; 1 unique digests, 1 unique salts
Bitmaps: 16 bits, 65536 entries, 0x0000ffff mask, 262144 bytes, 5/13 rotates

Optimizers applied:
* Zero-Byte
* Single-Hash
* Single-Salt
* Brute-Force
* Slow-Hash-SIMD-LOOP

Watchdog: Temperature abort trigger set to 90c

Host memory allocated for this attack: 7127 MB (110906 MB free)

[s]tatus [p]ause [b]ypass [c]heckpoint [f]inish [q]uit =>

Session..........: hashcat
Status...........: Running
Hash.Mode........: 9400 (MS Office 2007)
Hash.Target......: $office$*2007*20*128*16*101eeac7b750ed0057405812bdb...23166c
Time.Started.....: Fri Aug 15 20:49:38 2025 (21 secs)
Time.Estimated...: Sat Aug 16 08:32:01 2025 (11 hours, 42 mins)
Kernel.Feature...: Pure Kernel (password length 0-256 bytes)
Guess.Mask.......: ?u?l?l?d?d?d?d?d?d [9]
Guess.Queue......: 1/1 (100.00%)
Speed.#01........:   417.1 kH/s (95.00ms) @ Accel:46 Loops:1000 Thr:512 Vec:1
Recovered........: 0/1 (0.00%) Digests (total), 0/1 (0.00%) Digests (new)
Progress.........: 7913472/17576000000 (0.05%)
Rejected.........: 0/7913472 (0.00%)
Restore.Point....: 0/676000000 (0.00%)
Restore.Sub.#01..: Salt:0 Amplifier:4-5 Iteration:27000-28000
Candidate.Engine.: Device Generator
Candidates.#01...: Car123123 -> Cow709789
Hardware.Mon.#01.: Temp: 83c Fan: 64% Util:100% Core:2010MHz Mem:10251MHz Bus:16

如果是2013版的execl,时间会增加到6天多

bash 复制代码 
Host memory allocated for this attack: 4430 MB (111122 MB free)

[s]tatus [p]ause [b]ypass [c]heckpoint [f]inish [q]uit =>

Session..........: hashcat
Status...........: Running
Hash.Mode........: 9600 (MS Office 2013)
Hash.Target......: $office$*2013*100000*256*16*78632c4de53ac0308cd1a54...db2dd8
Time.Started.....: Fri Aug 15 21:10:42 2025 (9 secs)
Time.Estimated...: Fri Aug 22 09:05:57 2025 (6 days, 11 hours)
Kernel.Feature...: Pure Kernel (password length 0-256 bytes)
Guess.Mask.......: ?u?l?l?d?d?d?d?d?d [9]
Guess.Queue......: 1/1 (100.00%)
Speed.#01........:    31312 H/s (10.38ms) @ Accel:4 Loops:250 Thr:384 Vec:1
Recovered........: 0/1 (0.00%) Digests (total), 0/1 (0.00%) Digests (new)
Progress.........: 258048/17576000000 (0.00%)
Rejected.........: 0/258048 (0.00%)
Restore.Point....: 0/676000000 (0.00%)
Restore.Sub.#01..: Salt:0 Amplifier:2-3 Iteration:3250-3500
Candidate.Engine.: Device Generator
Candidates.#01...: Bar123123 -> Byy166789
Hardware.Mon.#01.: Temp: 70c Fan: 46% Util: 99% Core:2040MHz Mem:10251MHz Bus:16
相关推荐
q***829115 分钟前
windows同时安装两个不同版本的Mysql
windows·mysql·adb
dntktop39 分钟前
搜索+计算+插件…这个“全能管家”让你告别80%的桌面图标
运维·windows·自动化·编辑器
h***34631 小时前
Redis安装教程(Windows版本)
数据库·windows·redis
a***13142 小时前
redis存取list集合
windows·redis·list
lpfasd1236 小时前
Windows下使用nvm-windows管理Node.js版本及npm配置全指南
windows·npm·node.js
e***75397 小时前
在 Windows 上生成本地 SSL 证书并使用 HTTPS 访问本地 Nginx 服务器
windows·https·ssl
laocooon5238578869 小时前
实现了一个新闻数据采集与分析系统python
linux·服务器·windows
_oP_i18 小时前
Win11 性能调优实用指南
windows
保持低旋律节奏19 小时前
C++——C++11特性
开发语言·c++·windows
ol木子李lo19 小时前
Visual studio 2022高亮汇编(ASM)语法方法
汇编·ide·windows·visual studio
热门推荐
01GitHub 镜像站点02【保姆级教程】免费使用Gemini3的5种方法!免翻墙/国内直连03BongoCat - 跨平台键盘猫动画工具04UV安装并设置国内源05安娜的档案(Anna’s Archive) 镜像网站/国内最新可访问入口(持续更新)06Linux下V2Ray安装配置指南07Google Antigravity:无法登录?早期错误、登录修复和用户反馈指南08Labelme从安装到标注:零基础完整指南09全球最强模型Grok4,国内已可免费使用!(附教程)10在VSCode配置Java开发环境的保姆级教程(适配各类AI编程IDE)