bulk MS office password cracking and password removal help

Elcomsoft do some good products I believe

If you must retrieve the passwords, then a distributed attack like Access Data's DNA will be required. If you can live without the passwords and just need the file contents, then a service like Decryptum is recommended.

I forgot to mention; DNA will take into consideration the fact that most of the passwords are the same. It adds discovered passwords to its "golden dictionary" which it uses on all subsequent attacks.

If you think you will be doing this more often than just this case, I would look into getting PORT (Portable Office Rainbow Tables) from AccessData. It works wonders with Word and Excel…we batch several hundred or more at a time thru there and it typically will take no more than 4 minutes per file, usually sooner, due to the limitations of the Office encryption hashes…

Do you only have access to the files, or do you have access to the system also? AD's PRTK often gets better results if you give it access to FTK generated word lists and exported registry files.

If you can break the weak encryption first, ordinary joes tend to use the same password for everything which is why Uzdcar's comment about the "golden dictionary" is particularly pertinent.

Another thing you might consider if this is going to be a regular occurrence for you is a hardware accelerator such as the TACC from Tableau
http//www.tableau.com/index.php?pageid=products&model=TACC1441

This works with PRTK and Passware to crack common algorithms. It doesn't however include the ability to crack Office passwords prior to 2007 at the moment……. (

I'll echo Tony; PRTK and FTK generated word lists along with your known password list is a great way to crack bulk MS docs.