[39624] in bugtraq
Re: Microsoft Word Protection Bypass
daemon@ATHENA.MIT.EDU (Johan De Meersman)
Wed Jul 13 18:58:28 2005
Message-ID: <42D53139.6050506@operamail.com>
Date: Wed, 13 Jul 2005 17:20:25 +0200
From: Johan De Meersman <jdm@operamail.com>
MIME-Version: 1.0
To: Christian King <cking@procuri.com>
Cc: Dave.Collins@tetratech.com, bugtraq@securityfocus.com
In-Reply-To: <C99DB99FAF8DB74ABCB0774D7BE2D5CC0562B6@orl-postoffice2.procuricorp.com>
Content-Type: multipart/signed; micalg=pgp-sha1;
protocol="application/pgp-signature";
boundary="------------enig21A33F328A798B9A4BD6E75E"
This is an OpenPGP/MIME signed message (RFC 2440 and 3156)
--------------enig21A33F328A798B9A4BD6E75E
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
Actually, just remove the entire tag in step 3, and open the xml file in
word again - You don't even lose formatting as far as I see :-)
Christian King wrote:
>Quick HOWTO:
>
>1. Open the protected document in Word
>2. File / Save As (XML Document)
>3. Open XML Document, look for <w:documentProtection w:edit="read-only"
>w:enforcement="on" w:unprotectPassword="xxxxxxx"/> The
>"unprotectPassword" will be a hex byte string.
>4. Open the .doc in your favorite hex editor, and search for the hex
>string in the reverse order, i.e. if the unprotectPassword says "1F C6
>CB EB" you would be searching for "EB CB C6 1F" .. when you find this
>string simply zero them out and save the document (I suggest saving as a
>copy obviously). Once you open the document again you should be able
>to just click "Tools / Unprotect Document" and it will not even prompt
>for a password.
>
>-Chris
>
>-----Original Message-----
>From: Dave.Collins@tetratech.com [mailto:Dave.Collins@tetratech.com]
>Sent: Wednesday, July 06, 2005 4:11 PM
>To: bugtraq@securityfocus.com
>Subject: Re: Microsoft Word Protection Bypass
>
>Where can I find the "how to" to get around the password protection? I
>have a form that I need to modify, but whoever created it is no longer
>with the company and as a result, the password is "gone"
>
>Many Thanks
>
>
>
>
--
When you're in command, command.
-- Admiral Nimitz
--
Public GPG key at blackhole.pca.dfn.de
GCS/IT d- s:+ a- C(+++)$ UL++++$ P+++(++++)$ L++(+++)$ !E- W+(+++)$
N+(++) o K w$ !O !M V PS(++)@ PE-(++)@ Y+ PGP++(+++) t(+) 5 X R tv--
b++(++++) DI++(++++) D++ G e++>+++++ h(+) r y+**
--------------enig21A33F328A798B9A4BD6E75E
Content-Type: application/pgp-signature; name="signature.asc"
Content-Description: OpenPGP digital signature
Content-Disposition: attachment; filename="signature.asc"
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.4 (GNU/Linux)
iD8DBQFC1TE+xz0AbiB4HpQRAlxNAJ9S5QK4am3wp6g7O5sJGMcKB6VgiwCeIV2t
YZZQM/fbutjWYPBrh3n4q9c=
=2o6i
-----END PGP SIGNATURE-----
--------------enig21A33F328A798B9A4BD6E75E--
