Intelligent bruteforce password attack for Excel, for free

Sometimes there is a need to open an Excel file that you don’t have the password for. Occasionally this will be when a colleague who has password protected an Excel document has now left the company…usually it is because the idiot who password protected the document forgot the password.

I work in the IT world, and this problem comes up on a pretty frequent basis…even more so because I am involved in the security and investigations realm. Usually when I need to get into the document I would use a brute force method. Unfortunately even with the best commercial solutions, brute force can take a ridiculous amount of time…and for the average person these solutions are not cheap. For excel files that were made in versions of Excel earlier than Excel 2007, this method will still work, but isn’t entirely necessary. Excel 2003 and earlier is a lot easier to crack than later versions. From 2007 onwards, there is a level of encryption involved. Also, this method is for the password used to open the Excel document, not the password protected sheets and formulas (these are simple to bypass anyway).

If you aren’t sure what brute force is, basically it is checking every possible combination of passwords possible. Starting from A to ZZZZZZZZZZZZZZZZZZZ. This is a pretty quick process if the password is 3 or 4 characters long and doesn’t include special characters (!,*,% etc). Start looking at 7 character passwords and it is near impossible to get the password using this method unless you have quite a bit of cash to spend. Check this link to see how long a typical bruteforce attack would take. Continue reading Intelligent bruteforce password attack for Excel, for free