[39484] in bugtraq
RE: Microsoft Word Protection Bypass
daemon@ATHENA.MIT.EDU (Christian King)
Thu Jul 7 13:25:37 2005
Content-class: urn:content-classes:message
MIME-Version: 1.0
Content-Type: text/plain;
charset="us-ascii"
Date: Thu, 7 Jul 2005 12:26:11 -0400
Message-ID: <C99DB99FAF8DB74ABCB0774D7BE2D5CC0562B6@orl-postoffice2.procuricorp.com>
From: "Christian King" <cking@procuri.com>
To: <Dave.Collins@tetratech.com>, <bugtraq@securityfocus.com>
X-MailScanner-From: cking@procuri.com
Content-Transfer-Encoding: 8bit
Quick HOWTO:
1. Open the protected document in Word
2. File / Save As (XML Document)
3. Open XML Document, look for <w:documentProtection w:edit="read-only"
w:enforcement="on" w:unprotectPassword="xxxxxxx"/> The
"unprotectPassword" will be a hex byte string.
4. Open the .doc in your favorite hex editor, and search for the hex
string in the reverse order, i.e. if the unprotectPassword says "1F C6
CB EB" you would be searching for "EB CB C6 1F" .. when you find this
string simply zero them out and save the document (I suggest saving as a
copy obviously). Once you open the document again you should be able
to just click "Tools / Unprotect Document" and it will not even prompt
for a password.
-Chris
-----Original Message-----
From: Dave.Collins@tetratech.com [mailto:Dave.Collins@tetratech.com]
Sent: Wednesday, July 06, 2005 4:11 PM
To: bugtraq@securityfocus.com
Subject: Re: Microsoft Word Protection Bypass
Where can I find the "how to" to get around the password protection? I
have a form that I need to modify, but whoever created it is no longer
with the company and as a result, the password is "gone"
Many Thanks
