Extract a John the Ripper / hashcat hash from a password-protected Microsoft Office document (Word, Excel, PowerPoint) with office2john. Authorized recovery only.
office2john reads an encrypted Microsoft Office file (.docx, .xlsx, .pptx and older .doc/.xls/.ppt) and outputs a hash for offline password recovery. Modern Office uses AES with an "agile" or "standard" encryption scheme stored in an OLE compound file. The tool pulls the encryption verifier and key-derivation parameters into a hash a cracker can attack. It does not open or decrypt the document.
Input:
report.docx (password-protected)
Output:
report.docx:$office$*2013*100000*256*<salt>*<...>
Which Office versions are supported?
Office 2007, 2010, 2013, and 2016+ agile encryption, plus older binary formats. The hash records the version so the cracker uses the right key derivation.
Does it work on .docx and .xlsx alike?
Yes. Word, Excel, and PowerPoint share the same Office encryption container, so office2john handles them all.
What is the hashcat mode?
Office 2013+ uses mode 9600; 2010 uses 9500; 2007 uses 9400.
This tool extracts password hashes from encrypted Microsoft Office files for password recovery or security auditing.
Supported Tools: