There’s a nice little Python script called office2john.py that will help us with this. In order to use Hashcat to attack the hash stored in a Microsoft Office document, we first must extract the hash. Extracting the Password Hash from the Office Document My previous article that covers creating custom wordlists may be of assistance as well. It specifically deals with cracking WPA2 keys with Hashcat, but the techniques described in that article regarding phone numbers, wordlists, and modifiers are all relevant here. If you haven’t seen my previous article on cracking with Hashcat, I encourage you to read that article first. We’ll then learn a few tricks to crack the document with Hashcat. We’ll learn about a nice Python script called office2john.py, which pulls a hash from the Office document in a format that is used by John the Ripper (another password cracking utility), and how to edit that output so that we can use it with Hashcat. In this article we’ll look at how to crack password-protected Microsoft Office 97, 2003, 2007, 2010, and 2013 files.
Cracking Microsoft Office Document Passwords