Cracking Excel Passwords

    Gather as much knowledge as you can in order to make educated decisions.  For example, there's this idea that if we password protect Microsoft Office documents, we are going to keep people from accessing them.  I'd say that is mostly correct and when I'm done explaining how to crack the password, you can decide if what you have stored in them is protected well enough.  

    First, let me state that there are commercial products that will do crack the passwords easily.  I haven't used one of those products in a long, long, time and I think a search would yield legitimate products along with questionable, possibly malware laced, products and it's not something I want to randomly download.  For this post, I'm going to use open source (read:  FREE) and publicly available tools along with the rockyou wordlist.  

    First things first, I'm going to create an Excel document with secrets:

    At the top of Excel, if we select the "File" menu, we are presented with:

    We select "Encrypt with Password":

    We enter our password:

    We confirm our password:

    Now, when we attempt to open the document, we are prompted for a password.  

    Using John the Ripper, we're going to create a hash from the .xlsx password protected file:

    Now we're going to take our hash over to hashcat and we're going to use the rockyou wordlist to crack it:

    I'm using a Vapor 290X to do my cracking.  It's not the fastest card on the market but it's fast enough.  Some hashes crack faster than others and this is not one of them.  Fortunately, this password was in the first 2% of the list and it only took 3.5 minutes.  Not that I couldn't have gone through the entire list in a few hours and that's still plenty fast but sometimes the entire rockyou list is exhausted within seconds.  Just pointing out that it's not fast for the impatient -- me.  

    Bottom-line, if you're worried about a snoop on your network, a password protected document might be ok.  If you're storing sensitive data, you might want to take that document and store it in a password manager.  Password managers aren't just for passwords, you can store whole documents as well.  Alternatively, you could store the document in an encrypted container such as VeraCrypt.  

    © 2020