Home > Innovations > How to know the file’s password

How to know the file’s password

TRANSLATION NOTES: Please read some comments at the end of this post.

There are several online tools that allow you to find a secret password, or how we better call it today: the password of a file, I do not intend to promote evil with this post but rather to explain the risk involved in believing that all our data is easily protected behind the name of a love-eye in the fourth grade of school.

In this case I will show LasBit Corp example, so if someone one day need it because you forgot that girlfriend’s name used to protect your Excel file, or a malicious employee left protected a data set with malicious intent here there is an exit.

1. The bad password

It is clear that in this life we must use more than one password for security; it is not possible to use it to access a forum only for commenting, than to enter our email accounts, Facebook or credit card. And this is what makes us lose our heads because sooner or later we can get confused.

The safest passwords are those with at least 9 digits, and are not dictionary exact words, preferably containing numbers and if possible at least one uppercase. This is because the principles that follow the program to break a password based on combinations of characters, the more they are, will take longer. It’s not recommended to use other codes, such as accented words or symbols because if one day we have a keyboard whose character table is failed (*) … the rush could have a taste of atol chuco (**).

2 Let us see an example

This is the case of an Excel file that one of my technicians created to teach the use of cadastral tab. I have his permission, because he gave me a challenge by finding ways to break the password, so here we go:

As it’s an Excel file, all I occupy is ExcelPassword and know the right way:

clip_image001

The graph shows the different routes:

  • If all you want is to break the password of locked cells, but without having the file protected, there is an option called fake that resets it immediately without allowing the program to find the name.
  • Another option is if you have an Excel file but from 2003 version, the Brute Force Attack would find it in a couple of minutes. Although those files also had the encryption option, so that if they had a long and complex password it does not apply.
  • And then there is the alternative of 2007 files in which Office further complicated the form of encryption (AES 128 encryption), with which the work becomes slower as the password is long and complex.

clip_image002

Following the wizard, it can provide features such as the words’ language it is expected to seek, the maximum amount of characters, first and last word, if you consider capitalization or codes … for each option shows the amount of time search may take from a couple of minutes to several days.

clip_image003Knowing the technical, that may have been place words only in Spanish, and that according to him, I estimate password can walk in less than six characters, here I am going.

Done:

23 seconds without caps

It should be the name of a school girlfriend or the nickname of someone in a closet. jeje

It was so fast that it doesn’t took me hard work to get the printscreen. The downside is that I didn’t negotiate a bet, just a fucking challenge.

To test my theory, I used the same password for his Yahoo account, and oops, it was the same but now I have warned him because I have no bad intentions with a technician with which efforts I have had many successes.

It is also possible that many are having chills now, and if you do not have yet, review the list of passwords that can be found with LastBit software.

3. What kind of password can LastBit break?

It will not be the perfect world, but see that there are modules that can be purchased separately as required: these include:

Office Documents

  • Excel
  • Word
  • Access
  • PowerPoint
  • Pocket Excel
  • Back up (MS Backup)
  • Outlook
  • Project
  • Windows
  • VBA
  • SQL
  • OneNote
Internet programs

  • Internet Explorer (Content Advisor)
  • Internet Explorer (Autocomplete data)
  • FireFox
  • FTP
  • ICQ
  • Mail (POP3) saved in Desktop
  • Skype
  • Yahoo Messenger
  • MSN

Other files and programs

  • PDF
  • Act! (of Symantec)
  • QuickBooks
  • Quicken
  • Schedule
  • SHA-1 (Secure Hash Algorithm)
  • Zip
  • MD4 and MD5 Algorithm

I have no doubt this kind of applications may be a solution to a business problem as mentioned at the beginning. But I have serious doubts if in wrong hands may be harmless.

Worried?

TRANSLATION NOTES:

(*) destrompada: This jargon is used instead of saying that something is failed or done in a wrong way.

(**) atol chuco: This is a popular drink in El Salvador and Honduras. It’s done with a mix of dry corn flour and pumpkin’s seeds.

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.