Didier Stevens

Monday 7 January 2019

Update: msoffcrypto-crack.py Version 0.0.2

Filed under: Encryption,My Software,Update — Didier Stevens @ 0:00

In this update of msoffcrypto-crack.py, two new options were added:

-e takes a text file and extracts all words from this text file to be used in the dictionary attack. Words are strings delimited by space characters. Words between single or double quotes, and words after string “password” are put at the beginning of the list for the dictionary attack.

The idea for option -e, is that you give it the content of an email message that contains the password of the encrypted attachment(s).

-c takes the password to decrypt the document. You use this option after the password was recovered (with option -p or -e for example), and need to run the tool again to decrypt the document. You can run the password cracking each time when you need to decrypt the document, but if this takes too long, then you just run it once and from then on provide the recovered password with option -c.

Password VelvetSweatshop was added to the embedded password list.

msoffcrypto-crack_V0_0_2.zip (https)
MD5: 010B7FA68FCF9CE84427815EFDFE1C42
SHA256: 6B368E40EEE8A907D444A49963B37F456A3645991201CE06F0E46A0F2E188A74

3 Comments »

  1. I’ve tested the script on .xls and .doc files and it works as intended. However it doesn’t work with newer Office formats, it always says “Password found: infected”, even though that isn’t the password

    Comment by Anonymous — Tuesday 22 January 2019 @ 13:54

  2. Works wonders for the old binary format, but it doesn’t quite work for the ooxml format? I’ve noticed the library required works for all Office Open XML formats, but the script keeps returning the password as being either 123456 or infected (I’ve tested with an xlsx file with the password VelvetSweatshop and with a docx file with the password rocky, both passwords are in the wordlist).

    Comment by JJ — Wednesday 23 January 2019 @ 14:14

  3. Just posted a bug fix: https://blog.didierstevens.com/2019/01/26/update-msoffcrypto-crack-py-version-0-0-3/

    Comment by Didier Stevens — Saturday 26 January 2019 @ 13:46


RSS feed for comments on this post. TrackBack URI

Leave a Reply (comments are moderated)

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

This site uses Akismet to reduce spam. Learn how your comment data is processed.

Blog at WordPress.com.