Microsoft Office files can be password-protected in order to prevent tampering and ensure data integrity. But password-protected documents from earlier versions of Office are susceptible to having their hashes extracted with a simple program called office2john. Those extracted hashes can then be cracked using John the Ripper and Hashcat.
Extracting the hash from a password-protected Microsoft Office file takes only a few seconds with the office2john tool. While the encryption standard across different Office products fluctuated throughout the years, none of them can stand up to office2john's hash-stealing abilities.
This tool is written in Python and can be run right from the terminal. As for Office compatibility, it's known to work on any password-protected file from Word, Excel, PowerPoint, OneNote, Project, Access, and Outlook that was created using Office 97, Office 2000, Office XP, Office 2003, Office 2007, Office 2010, and Office 2013, including the Office for Mac versions. It may not work on newer versions of Office, though; we saved a DOCX in Office 2016 that was labeled as Office 2013.
Next, we need an appropriate file to test this on. I am using a simple DOCX file named "dummy.docx" that I created and password-protected with Word 2007. Download it to follow along. The password is "password123" as you'll find out. You can also download documents made with Word 2010 and Word 2016 (that shows up as 2013) to use for more examples. Passwords for those are also "password123."
John will start cracking, and depending on the password complexity, will finish when a match is found. Press almost any key to view the current status. When the hash is cracked, a message will be displayed on-screen with the document's password. Since our password was pretty simple, it only took seconds to crack it.
When it comes to password cracking of any kind, the best defense technique is to use password best practices. This means using unique passwords that are long and not easily guessable. It helps to utilize a combination of upper and lowercase letters, numbers, and symbols, although recent research has shown that simply using long phrases with high entropy is superior. Even better are long, randomly generated passwords, which make cracking them nearly impossible.
As for this specific attack, it may not be effective against documents from Microsoft Office 2016, 2019 or newer, since office2john is designed to work on earlier versions of Office. However, as you can see above, Office 2016 may very well spit out a 2013 document without the user even knowing, so it doesn't mean a "new" file can't be cracked. Plus, there are still plenty of older Microsoft Office documents floating around out there, and some organizations continue to use these older versions, making this attack still very feasible today.
Today, we learned that password-protected Microsoft Office files are not quite as secure as one would be led to believe. We used a tool called office2john to extract the hash of a DOCX file, and then cracked that hash using John the Ripper and Hashcat. These types of files are still commonly used today, so if you come across one that has a password on it, rest easy knowing that there is a way to crack it.
In the latest update of the tool (October, 2014) there was a significant addition that did not get the buzz that it should have created: the ability to crack Microsoft Office password hashes across all different versions (97-2003, 2007, 2010, 2013). This capability appears to have been added only to the GPU-enabled versions of hashcat (ocl-hashcat, cuda-hashcat) at the moment.
This guide will take you through how to use hashcat (we will use cuda-hashcat as an example) to crack Microsoft Office passwords. Important note: This is not a guide on how to install and use hashcat in general. There are a lot of other guides available on this topic, an example would be this one.
First of all, you will need a password protected document to extract a hash that needs to be cracked. For illustration purposes, I have created a Word 2007 document (example.docx) and protected it with the password password12345.
We can see that the beginning of the hash identifies the version of Office that produced it ($office$*2007*). Now that we have retrieved our hash, it's time to start the cracking! For hashcat to be able to recognise the hash as an office document, we have to use one of the following two options:
Depending on your machine, you will be amazed by the speed of the tool. On my machine, which is not built for password hashing, the average speed of cracking during bruteforcing was 3000 Hashes per second (H/s). If the password is successfully cracked, you will find it in the output file specified and in the cudaHashcat.pot file in the format Hash:Password.
Microsoft Office has a security feature that allows users to encrypt Office (Word, Excel, PowerPoint, Access, Skype Business) documents with a user-provided password. The password can contain up to 255 characters and uses AES 128-bit advanced encryption by default. Passwords can also be used to restrict modification of the entire document, worksheet or presentation. Because restricting modification does not encrypt the document, though, these passwords can be removed using third-party cracking software.
Microsoft Office 2008 for Mac was released on January 15, 2008. It was the only Office for Mac suite to be compiled as a universal binary, being the first to feature native Intel support and the last to feature PowerPC support for G4 and G5 processors, although the suite is unofficially compatible with G3 processors. New features include native Office Open XML file format support, which debuted in Office 2007 for Windows, and stronger Microsoft Office password protection employing AES-128 and SHA-1. Benchmarks suggested that compared to its predecessor, Office 2008 ran at similar speeds on Intel machines and slower speeds on PowerPC machines. Office 2008 also lacked Visual Basic for Applications (VBA) support, leaving it with only 15 months of additional mainstream support compared to its predecessor. Nevertheless, five months after it was released, Microsoft said that Office 2008 was "selling faster than any previous version of Office for Mac in the past 19 years" and affirmed "its commitment to future products for the Mac."
In June 2007, Microsoft announced a new version of the office suite, Office Mobile 2007. It became available as "Office Mobile 6.1" on September 26, 2007, as a free upgrade download to current Windows Mobile 5.0 and 6 users. However, "Office Mobile 6.1 Upgrade" is not compatible with Windows Mobile 5.0 powered devices running builds earlier than 14847. It is a pre-installed feature in subsequent releases of Windows Mobile 6 devices. Office Mobile 6.1 is compatible with the Office Open XML specification like its desktop counterpart.
In Excel and Word 95 and prior editions, a weak protection algorithm is used that converts a password to a 16-bit verifier and a 16-byte XOR obfuscation array key. Hacking software is now readily available to find the 16-byte key and decrypt the password-protected document, because the scheme works much like a Vigenère cipher. They can be cracked instantly with the help of precomputation tables.
In Office 2007 (Word, Excel and PowerPoint), protection was significantly enhanced since a modern protection algorithm named Advanced Encryption Standard was used. At present there is no software that can break this encryption. The password is stretched into a 128-bit key using 50,000 iterations of the SHA-1 hash function before the document is opened; as a result, the time required to crack it is vastly increased, similar to PBKDF2, scrypt or other KDFs.
I have an MS Word 2007 format file that is password protected on my own pc. We can't remember the password and of course now want to get into the document. I've tried using Alcomsoft Password Recovery but it was taking days and never got anywhere with it.
I'm not sure of the program but I presume it uses some sort of bruteforce attempt to crack the password. The only way to make this faster is to have more processing power, e.g. a faster computer/more powerful graphics card.
We have a computer running as a dedicated password cracker since we're in the same position, it's been running the software for about 7 months now haha. It's definitely not a quick solution but it will get there in the end.
Along with the new document format, Office 2007 uses massively improved encryption. Instead of 40-bit RC4 and a single MD5 hashing iteration, Microsoft employed the industry-standard AES-128 for encryption. 50,000 SHA-1 iterations for hashing signify the departure from insecure single-iteration hashes. The use of a long encryption key makes attacks on the key itself unfeasible. Instead, we must recover the original plain-text password, which in turn means that we must run a brute-force attack (or a smart attack based on a dictionary).
Even today, documents encrypted with Office 2007 (and not saved in compatibility mode) are moderately secure. A typical Intel Core i7 CPU provides a recovery speed of about 1,000 passwords per second, while GPU-assisted attacks result in about 200,000 passwords per second using a single NVIDIA Tesla V100. We recommend smart dictionary-based attacks to recover the password.
In Office 2010, Microsoft has continued with the encryption scheme they introduced in Office 2007. The new Office still uses AES-128 for encryption, and still relies on SHA-1 for hashing. However, the number of hash iterations was doubled from 50,000 (Office 2007) to 100,000 (Office 2010). This was done to account for the evolution of hardware, to make passwords at least as secure as they were three years ago.
Summary: twice as strong as Office 2007. Medium speed attacks, brute-force can be used to recover some very short and simple passwords. More complex passwords require smart dictionary attacks.
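As an added example (not code from the original articles or from the office2john or hashcat projects), the version tag at the start of an extracted hash, combined with the per-version schemes described above, is enough to triage an inventory of your own protected documents by how much key stretching guards each one. The field layout, the file names and the filler hex values are assumptions constructed for illustration; relative_cost counts hashing iterations only, with Office 2007 as 1.0.

```python
import re

# Assumed office2john field layout (my reading of the tool's output, not from this page):
#   $office$*2007*<verifier hash size>*<key bits>*<salt size>*<salt>*<verifier>*<hash>
#   $office$*2010 or 2013*<iterations>*<key bits>*<salt size>*<salt>*<verifier>*<hash>
#   $oldoffice$*<type>*<salt>*<verifier>*<hash>
TAG = re.compile(r"\$(oldoffice|office)\$\*(.+)$")
BASELINE = 50_000  # SHA-1 iterations in Office 2007, as stated on this page


def triage(line):
    """Return an audit record for one hash line, or None if it is not one."""
    line = line.strip()
    m = TAG.search(line)
    if not m:
        return None
    name = line[:m.start()].rstrip(":") or "<unnamed>"
    fields = m.group(2).split("*")
    if m.group(1) == "oldoffice":
        # Office 97-2003: a single hashing iteration, so no key stretching.
        return {"file": name, "version": "97-2003", "iterations": 1,
                "key_bits": None, "legacy": True, "relative_cost": 1 / BASELINE}
    if len(fields) != 7 or not all(f.isdigit() for f in fields[:4]):
        return None  # malformed or truncated line
    version, second, key_bits = fields[0], int(fields[1]), int(fields[2])
    # For 2007 the second field is a hash size; the iteration count is fixed.
    iterations = BASELINE if version == "2007" else second
    return {"file": name, "version": version, "iterations": iterations,
            "key_bits": key_bits, "legacy": False,
            "relative_cost": iterations / BASELINE}


def report(lines):
    """Triage every line and list the weakest key stretching first."""
    records = [r for r in map(triage, lines) if r]
    return sorted(records, key=lambda r: r["relative_cost"])


# Constructed sample lines; the hex fields are filler, not real hashes.
SAMPLE = [
    "plan.docx:$office$*2010*100000*128*16*" + "*".join(["aa" * 16, "bb" * 16, "cc" * 32]),
    "example.docx:$office$*2007*20*128*16*" + "*".join(["aa" * 16, "bb" * 16, "cc" * 20]),
    "budget.doc:$oldoffice$*1*" + "*".join(["00" * 16, "11" * 16, "22" * 16]),
    "README.txt: no hash here",
]

if __name__ == "__main__":
    for rec in report(SAMPLE):
        print(rec)
```

Documents flagged as legacy are the ones to re-save in a current format first, since their protection has no iteration count to slow guessing.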