Originally published April 22, 2016 @ 1:11 am

John the Ripper (jtr) is a free, multi-platform password-cracking tool. This article is not a comprehensive guide to jtr, but a quick how-to. Starting with version 1.7.9, jumbo patch 6, jtr supports password recovery for Office 2007/2010 files. In the example below, I compile jtr from source with OpenMP support to take advantage of a multi-CPU server running CentOS 6.

Install OpenMP support and some useful performance-monitoring tools:

yum -y install openmpi openmpi-devel htop nmon openssl openssl-devel

Download and compile jtr version 1.7.9, jumbo patch 7:

cd /tmp
wget http://www.openwall.com/john/g/john-1.7.9-jumbo-7.tar.gz
tar -xvzf john-1.7.9-jumbo-7.tar.gz
/bin/mv john-1.7.9-jumbo-7 /opt/john
/bin/rm john-1.7.9-jumbo-7.tar.gz
cd /opt/john/src

vi Makefile
# Uncomment "OMPFLAGS = -fopenmp" and "OMPFLAGS = -fopenmp -msse2"

make clean linux-x86-64

Install jtr from the standard CentOS repo and copy some missing files:

yum -y install john
rsync -av /usr/share/john/ /opt/john/
vi /etc/john.conf
# Comment out: .include <dynamic.conf>
cd /opt/john
/opt/john/run/john |grep ^John
/opt/john/run/john --test

# Run htop in another window to verify that all CPUs are being utilized

# Adjust number of threads:
OMP_NUM_THREADS=4 /opt/john/run/john --test

Install the office2john Python script to extract hashes from Office files:

mkdir -p /var/adm/bin
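# --no-check-certificate turns off TLS certificate verification, so the download is not authenticated; read the script before making it executable
wget --no-check-certificate -q -O /var/adm/bin/office2john.py https://raw.githubusercontent.com/kholia/RC4-40-brute-office/master/office2john.py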
chmod 755 /var/adm/bin/office2john.py
ln -s /var/adm/bin/office2john.py /usr/bin/office2john

Process an Office file:

office2john /var/tmp/your_file.xlsx | awk -F: '{print $2}' > /var/tmp/your_file.hash
cd /opt/john/run
/opt/john/run/john /var/tmp/your_file.hash & disown
/opt/john/run/john --status
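
A check on the office2john step above, as an added example that is not part of the original article or of John the Ripper; the function name extract_office_hash and its exit codes are assumptions made for illustration. It applies the article's awk split, accepts only the Office 2007/2010 hash tags the article says jtr handles, and creates the hash file with mode 0600 instead of default permissions under /var/tmp.

```shell
#!/bin/bash
# Added example (hypothetical helper, not part of jtr or office2john).
# Reads office2john "name:hash" lines on stdin and writes the bare hashes to
# the file named in $1. Prints the number of hashes written.
# Exit codes (assumed for this example): 2 cannot create file, 3 unsupported
# Office version tag, 4 line is not a hash, 5 no hashes at all.
# Usage: office2john /var/tmp/your_file.xlsx | extract_office_hash /var/tmp/your_file.hash
extract_office_hash() {
    out="$1"
    count=0
    # Recreate the output file readable by its owner only; the hash is
    # sensitive and /var/tmp is a shared directory.
    ( umask 077; rm -f -- "$out"; : > "$out" ) || return 2
    while IFS= read -r line; do
        [ -n "$line" ] || continue
        # Same split as the article: field 2 of "name:hash".
        hash=$(printf '%s\n' "$line" | awk -F: '{print $2}')
        case "$hash" in
            '$office$*2007*'*|'$office$*2010*'*)
                ;;
            '$office$*'*)
                version=${hash#'$office$*'}
                version=${version%%\**}
                echo "unsupported Office version tag: $version" >&2
                return 3
                ;;
            *)
                echo "not an office2john hash line: $line" >&2
                return 4
                ;;
        esac
        printf '%s\n' "$hash" >> "$out"
        count=$((count + 1))
    done
    [ "$count" -gt 0 ] || { echo "no hashes found" >&2; return 5; }
    echo "$count"
}
```

A non-zero exit means the hash file should not be passed to john; the message on stderr says which check failed.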