Password offsets using exemplars
I have been trying to create password exemplars for MS Word 2003 documents. I have created a blank document (clear.doc), then I created another blank document (hidden.doc) and password protected the file from being opened. Attempting to open the file verifies that the password is effective.
After viewing both documents side-by-side in HexWorkshop and running a compare, I have been unable to identify where the password offsets are.
Is there another way to locate the password offsets? This is an assignment, so I am only looking for a method here.
Any help would be appreciated.
I am not too sure what you are asking?
Attempting to save a MS Word document as any other format (i.e. .txt file) results in a loss of the password protection. MS Word encryption uses the RC4 stream cipher and stores it as a 32-bit password hash.
So what are you using to create the password protected hidden.txt file?
My mistake, the file extension was still a .doc
At any rate, I have learned that Word stores the password bits throughout the document, so finding the offset values is quite difficult. My instructor recommends Passware as a tool to access password protected documents.
Passware is quite good; it has a number of different mini programs for various file types. However, I have started to use Access Data PRTK, which is pretty impressive. You can also download the dictionary files free of charge from the Access Data website. They come in handy for all kinds of password crackers: Lophtcrack, Passware, and many more (some software only uses .dic dictionary files, but it's a simple matter of just renaming the Access Data .txt extensions).
Here is a tip – on how to create a massive all-encompassing password dictionary file:
Download them all from Access Data to your local machine. Use EnCase to preview your local drive. Select/blue check all the downloaded dictionaries. Then copy/unerase them out. Keep the radio button selected for all ‘checked files’. And check the radio button for ‘merge into one file’. Name your text file ‘Massive.txt’ or whatever… And hey presto… A huge 200MB dictionary file to complement your forensic & password cracking toolset, "if dat don’t crack it nuttin will".
It does take a while for the millions of words to finish though… about 2-3 minutes when run in PRTK
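The merge step above can also be done without EnCase. The following is an added example (not code from the thread or from any of the tools named in it) that combines several wordlist files into one de-duplicated list, tolerating mixed line endings and Latin-1 bytes, and writes it with a `.dic` name for crackers that insist on that extension. The three input lists are constructed samples; `merge_wordlists` and `demo` are hypothetical names.

```python
"""Merge several dictionary files into one de-duplicated wordlist (added example)."""
import os
import tempfile


def iter_words(path):
    """Yield non-empty lines from a wordlist, handling CRLF and non-UTF-8 bytes."""
    with open(path, "rb") as fh:
        for raw in fh:
            line = raw.rstrip(b"\r\n")
            if not line:
                continue
            try:
                yield line.decode("utf-8")
            except UnicodeDecodeError:
                yield line.decode("latin-1")  # older vendor lists are often Latin-1


def merge_wordlists(paths, out_path):
    """Write the union of all input lists to out_path, first occurrence wins.

    Case variants are kept as-is because crackers apply their own case rules.
    The seen-set holds every word in memory, which is fine for a few hundred MB.
    """
    seen, read, kept = set(), 0, 0
    with open(out_path, "w", encoding="utf-8", newline="\n") as out:
        for path in paths:
            for word in iter_words(path):
                read += 1
                if word in seen:
                    continue
                seen.add(word)
                out.write(word + "\n")
                kept += 1
    return {"read": read, "kept": kept, "dropped": read - kept}


# Constructed sample lists: CRLF endings, an overlap, and one Latin-1 entry.
SAMPLE_LISTS = {
    "english.txt": b"password\r\nletmein\r\nsecret\r\n\r\n",
    "names.txt": b"alice\nletmein\nbob\n",
    "latin1.txt": b"caf\xe9\npassword\n",
}


def demo(out_name="Massive.dic"):
    """Run the merge on the samples in a temp dir; return (stats, merged words)."""
    with tempfile.TemporaryDirectory() as tmp:
        paths = []
        for name, body in SAMPLE_LISTS.items():
            path = os.path.join(tmp, name)
            with open(path, "wb") as fh:
                fh.write(body)
            paths.append(path)
        out = os.path.join(tmp, out_name)
        stats = merge_wordlists(paths, out)
        with open(out, encoding="utf-8") as fh:
            words = fh.read().splitlines()
        return stats, words
```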
I'll try this in the lab. Thanks for the tip!