Useful Hacks

Password Cracking

Recently someone asked me if I could recover the password of a Word 2007 document they wrote in 2013. They were pretty sure it was someone's name, no numerals, 7 characters or fewer, maybe reversed, with a capital letter at the start or, if reversed, at the end. I did some research and found out that you can crack Office 2007 passwords with a GPU, but it's much slower than the old 97-2003 format because Microsoft changed the encryption: the 2007 format derives an AES key from the password with 50,000 rounds of SHA-1, so every guess costs 50,000 hashes, whereas the 97-2003 format used 40-bit RC4 that can be broken outright without guessing the password at all. Since I have a GTX 750 Ti, I decided to give it a try. The easy way is to pay for a GPU-based app, but I decided to use Hashcat, a free GPU cracker that supports hundreds of hash types, including WPA2 Wi-Fi handshakes.

First I had to download a portable Python interpreter to run office2john (a script that ships with John the Ripper). It does not hash the document itself; it extracts the encryption metadata from the file (the salt, the encrypted verifier and the encrypted verifier hash) and prints it as a single hash string. That string is the target Hashcat works against.

It took me a while to figure out Hashcat's command-line switches, but eventually I had it running with the constraints from the first paragraph expressed as masks (hash mode 9400, MS Office 2007). I was using a plain brute-force mask attack rather than a word list. On average, my GPU was able to try about 18,000 passwords per second. After 1 hour and 32 minutes it found the password and wrote it to the output file. When I opened the file, the password turned out to be "Locked". I almost didn't recognize it, because Hashcat appends the recovered password to the original hash after a colon (hash:password) and I thought it might be a status indication. I tried it in the Word document and, sure enough, it opened. This shows the importance of trying word lists first: "Locked" is in the rockyou list, so a dictionary attack would have found it in seconds instead of an hour and a half.
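The workflow above as a bash script, added here as an example and not code from the original post. It turns the stated constraints (a name, letters only, at most 7 characters, one capital at the start or, if reversed, at the end) into a hashcat mask file, runs the cheap rockyou attack before the expensive mask attack, and pulls the password out of hashcat's hash:password output line. It assumes office2john.py (from John the Ripper jumbo) and hashcat are on PATH and that rockyou.txt is in the current directory; the file names office.hash, names.hcmask and found.txt are this script's own choices. Mode 9400 is hashcat's MS Office 2007 mode.

```bash
#!/usr/bin/env bash
# Added example, not from the original post: office2john + hashcat against a
# Word 2007 document, with the post's constraints turned into hashcat masks.
# Assumptions: office2john.py and hashcat on PATH, rockyou.txt in the current
# directory. office.hash, names.hcmask and found.txt are this script's names.
set -eo pipefail

# One hashcat mask per line for names of 1..maxlen letters with exactly one
# capital: at the start (Locked) or, for a reversed name, at the end (dekcoL).
# ?u = A-Z, ?l = a-z.
build_name_masks() {
    local maxlen="$1" len i lowers
    for ((len = 1; len <= maxlen; len++)); do
        lowers=""
        for ((i = 1; i < len; i++)); do lowers+="?l"; done
        printf '?u%s\n' "$lowers"
        if [ "$len" -gt 1 ]; then printf '%s?u\n' "$lowers"; fi
    done
}

# Candidates covered by that mask set: 26^len for the capital-first mask plus
# 26^len for the capital-last mask (only one mask exists at length 1).
mask_keyspace() {
    local maxlen="$1" len total=0
    for ((len = 1; len <= maxlen; len++)); do
        (( total += 26 ** len * (len > 1 ? 2 : 1) ))
    done
    printf '%s\n' "$total"
}

# Worst-case seconds to exhaust the mask set at a given hash rate; the post's
# GTX 750 Ti managed about 18,000 H/s on mode 9400.
mask_seconds() {
    local maxlen="$1" rate="$2"
    printf '%s\n' "$(( $(mask_keyspace "$maxlen") / rate ))"
}

# hashcat writes cracked hashes as "hash:password" (outfile and hashcat.potfile).
# A $office$ hash contains no colon, so the password is everything after the
# first one; the password itself may contain colons, so never split on the last.
password_from_outfile_line() {
    printf '%s\n' "${1#*:}"
}

crack_office_doc() {
    local doc="$1" hashfile="office.hash" maskfile="names.hcmask" outfile="found.txt"
    # office2john prints "filename:$office$*2007*...". Drop the filename prefix
    # so the outfile line is a plain hash:password pair.
    office2john.py "$doc" | sed 's/^[^$]*://' > "$hashfile"
    build_name_masks 7 > "$maskfile"
    # Wordlist first (-a 0): "Locked" is in rockyou and this takes seconds.
    # hashcat exits 0 when the hash cracks and 1 when the keyspace is exhausted,
    # so the mask attack (-a 3, one mask per line of the .hcmask) runs on a miss.
    hashcat -m 9400 -a 0 -o "$outfile" "$hashfile" rockyou.txt \
        || hashcat -m 9400 -a 3 -o "$outfile" "$hashfile" "$maskfile"
    printf 'password: %s\n' "$(password_from_outfile_line "$(tail -n 1 "$outfile")")"
}

# Usage: ./crack_office.sh locked.docx
if [ "$#" -gt 0 ]; then
    printf 'mask set worst case at 18000 H/s: %s s\n' "$(mask_seconds 7 18000)"
    crack_office_doc "$1"
fi
```

The keyspace numbers explain the 92 minutes: the two-mask set up to 6 letters is about 643 million candidates (roughly 10 hours at 18,000 H/s), and going to 7 letters raises it to about 16.7 billion (over 10 days), while the rockyou run finishes in seconds.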

And speaking of the rockyou list, I was unpleasantly surprised to find my PGP private key passphrase, off by just one numeral, in that list! Always remember: if a password makes sense to you, it's probably in a list somewhere, because people choose passwords in much the same way.

Watching Online Video in a Video Player

Have you ever wanted to watch an online video (YouTube, Dailymotion, etc.) in Media Player Classic? Dailymotion, for example, is so bogged down with ads and scripts that it's nearly impossible to watch videos on the site itself.

This trick even works for live YouTube streams.

Use the command youtube-dl -g "[video url]" (quote the URL, since it usually contains & characters). It prints the direct URL of the media stream, which looks like a very long string of gibberish. Use the Mark feature in Command Prompt to select it, then press Enter to copy. Because Command Prompt wraps long lines, paste it into Notepad first and remove the line break, then copy it again and paste it into Media Player Classic or your favorite player. Two caveats: if you get two URLs instead of one, YouTube has handed you separate video and audio streams, so add -f best to get a single stream containing both; and the direct URL expires after a while, so open it promptly.
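The same trick as a bash script (WSL, Git Bash or a Linux box; the youtube-dl flags are identical in Command Prompt), added here as an example and not code from the original post. Keeping the URL in a shell variable removes the Mark/Notepad step entirely, and the script refuses to continue unless youtube-dl returned exactly one URL, which catches the separate video and audio streams case. It assumes youtube-dl is on PATH and that the player accepts a URL as its first argument; the PLAYER variable, the mpv default and the script name are this script's own choices.

```bash
#!/usr/bin/env bash
# Added example, not from the original post: youtube-dl -g piped straight into
# a media player. Assumes youtube-dl on PATH and a player that takes a URL as
# its first argument (mpv by default; set PLAYER to vlc, mpc-hc64.exe, ...).
set -eo pipefail

# youtube-dl's default format for YouTube is often separate video and audio
# streams (DASH), in which case -g prints two URLs and a player given only the
# first would play video with no sound. -f best asks for the best single file
# that contains both, so exactly one URL comes back.
direct_url() {
    youtube-dl -g -f best "$1"
}

# Accept exactly one non-empty line. Extra lines mean the format selection still
# split the streams; an empty result means extraction failed.
single_url() {
    local out="$1"
    if [ -z "$out" ] || [ "$(printf '%s\n' "$out" | wc -l | tr -d ' ')" -ne 1 ]; then
        return 1
    fi
    printf '%s\n' "$out"
}

play_online_video() {
    local url
    url="$(single_url "$(direct_url "$1")")" \
        || { echo "could not get a single stream URL for $1" >&2; return 1; }
    # The direct URL usually carries an expiry in its query string, so hand it
    # over straight away; quoting keeps the shell from interpreting the & signs.
    "${PLAYER:-mpv}" "$url"
}

# Usage: PLAYER=vlc ./playurl.sh 'https://www.dailymotion.com/video/...'
if [ "$#" -gt 0 ]; then
    play_online_video "$1"
fi
```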
