This new version of msoffcrypto-crack.py, a tool to crack encrypted MS Office documents, comes with a new option to generate a password dictionary based on the filename of the document.
Option -p allows the user to provide a dictionary file. Use value #f to generate a dictionary based on the filename: This will generate a dictionary of all possible substrings of the filename.
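The substring dictionary described above, sketched as an added example (this is not code from msoffcrypto-crack.py). It can be used to check whether a document's password is exposed by its own filename. The function names, the use of the base name including the extension, and the shortest-first ordering are assumptions made for this illustration.

```python
import os


def filename_substrings(path, min_len=1):
    """Return every distinct substring of the file's name, shortest first.

    Assumptions (not taken from msoffcrypto-crack.py): only the base name is
    used, the extension is kept, and candidates are ordered by length.
    """
    name = os.path.basename(path)
    seen = set()
    candidates = []
    for length in range(min_len, len(name) + 1):
        for start in range(len(name) - length + 1):
            candidate = name[start:start + length]
            if candidate not in seen:  # repeated characters give duplicates
                seen.add(candidate)
                candidates.append(candidate)
    return candidates


def max_candidates(path):
    """Upper bound n*(n+1)/2 on the dictionary size for an n-character name."""
    n = len(os.path.basename(path))
    return n * (n + 1) // 2


def password_exposed_by_filename(path, password):
    """True if a filename-derived dictionary would contain the password."""
    return password in filename_substrings(path)


if __name__ == "__main__":
    # Constructed sample: a spreadsheet whose password is embedded in its name.
    sample = "/tmp/report_pw_Summer2020.xlsx"
    words = filename_substrings(sample)
    print(len(words), "candidates, upper bound", max_candidates(sample))
    print(password_exposed_by_filename(sample, "Summer2020"))
```

Because the dictionary grows only quadratically with the length of the name, even a long filename yields a few thousand candidates at most, so a password that appears anywhere in the filename offers no real protection.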
I had to analyze an encrypted spreadsheet yesterday, and the password was in the name, like this:
msoffcrypto-crack_V0_0_5.zip (https)
MD5: 1514DA367DCFF7051AB117266CE65BD3
SHA256: FEEFDD89134083EA19936494C8FCBD05804B3B9C0D4C5FBAFE06578D466B50AE
Hello,
to my understanding the tool doesn’t work with the current samples from the malware-bazaar. Is an update to Python3 with PyZipper necessary? For the convenience of analysts, is it possible to add an option to process all files in a folder? As the password “Velvet…” is a clear indicator for malware an option to reduce to “no password”, “Velvet…” or “other password” would speed up.
As a significant share of malware uses the “Velvet…” – password, for me the tool is an ideal first test of emails.
Comment by No Anon — Monday 28 September 2020 @ 7:35
Indeed, PyZipper would help. But in the meantime, you can use zipdump.py to extract and pipe the file into msoffcrypto-crack.py.
What do you mean with “an option to reduce”? Can you give an example?
Comment by Didier Stevens — Monday 28 September 2020 @ 16:28
Hello,
I receive the following message when I apply -p rockyou.txt. Mac OS and Windows both give the same msg
Traceback (most recent call last):
  File "/Users/andrewkuegler/Desktop/msoffcrypto-crack.py", line 3795, in <module>
    Main()
  File "/Users/andrewkuegler/Desktop/msoffcrypto-crack.py", line 3789, in Main
    Crack(args[0], options)
  File "/Users/andrewkuegler/Desktop/msoffcrypto-crack.py", line 3730, in Crack
    total = len(passwords)
TypeError: object of type 'NoneType' has no len()
Comment by Hank — Wednesday 1 September 2021 @ 8:53
I assume you use 32-bit Python?
Comment by Didier Stevens — Thursday 2 September 2021 @ 16:56