Password Crack

[Eric Fehlhaber]

Does anyone know of any software that can crack a password protected .xls
file for free? I found this one... http://www.elcomsoft.com/aopr.html I
don't think it's worth it for one document though.

Thanks

Eric

 

[Peter Foldes]

Maybe you can ask the person that set the password. That will be free

 

[JoAnn Paules [MSFT MVP]]

And since the file was protected in the first place, maybe you shouldn't be
trying to break into it.

--

JoAnn Paules
MVP Microsoft [Publisher]



Maybe you can ask the person that set the password. That will be free

 

[Harlan Grove]

JoAnn Paules [MSFT MVP] wrote...

And since the file was protected in the first place, maybe you shouldn't be
trying to break into it.

....

Then again if the file was created by person A at work, legally the
file would belong to A's employer. If A quit or was fired and is unable
or unwilling to give the password, and if the OP works for A's former
employer, the OP would have the legal right to crack the password.

That's the most common scenario claimed by people asking how to open
password-protected Excel workbooks, at least in the Excel newsgroups.
If it weren't legal to crack some files, it's hard to imagine why the
people providing the service for a fee aren't all in prison by now.

 

[JoAnn Paules [MSFT MVP]]

You mean that's what they *say* is the situation. I'm a skeptic. If it was
that situation, I'd think there'd have been some mention of the situation.
But when I read "What do you think of this password crack?" or "Where can I
find a free crack?", I don't immediately think, "Gee, some poor employer is
getting done over by a disgruntled former employee!"

--

JoAnn Paules
MVP Microsoft [Publisher]

JoAnn Paules [MSFT MVP] wrote...

And since the file was protected in the first place, maybe you shouldn't
be
trying to break into it.

...

Then again if the file was created by person A at work, legally the
file would belong to A's employer. If A quit or was fired and is unable
or unwilling to give the password, and if the OP works for A's former
employer, the OP would have the legal right to crack the password.

That's the most common scenario claimed by people asking how to open
password-protected Excel workbooks, at least in the Excel newsgroups.
If it weren't legal to crack some files, it's hard to imagine why the
people providing the service for a fee aren't all in prison by now.

 

[JE McGimpsey]

Take a look at

http://www.mcgimpsey.com/excel/fileandvbapwords.html

for a link to a less expensive solution.

 

[JE McGimpsey]

FWIW, I think JoAnn was rather out of line on this one. Assuming that
someone (who, BTW, posted under a real name and email address and who
has been a relatively frequent poster to many groups) is "nefarious" is
pretty harsh, not to mention horribly paternalistic.

Just based on my experience, it's far more likely that the OP has
forgotten the password on his own important file than that he was trying
to do something illegal - there was nothing in the original post to
indicate one way or the other, though the circumstantial evidence seems
heavily weighted toward legitimacy. (I don't know where JoAnn's "You
mean that's what they *say* is the situation" comes from, since the OP
*didn't* say.)

Unfortunately, XL's password protection is a sham. It ill-serves users
to withhold commonly available tools - it may even lead them to think
that XL's password protections are reliable, when they most definitely
are not.

I assist people on these groups because I like to, not because of what
they might do with it. I'm not going to withhold commonly available
information about passwords from a user just because they might be
dishonest, any more than I worry about whether someone uses that nifty
SUMPRODUCT() formula that I gave them to further their embezzlement.

I've posted a method of bypassing internal password controls to my site
as a convenience - the macro was being posted several times a week to
the newsgroups anyway, so anyone with the sense to Google could find
them.

Likewise, if the OP had chosen to Google for a password crack, he'd have
found hundreds of posts recommending cheap commercial solutions for file
passwords (I don't know of any free ones that are worth anything for
reasonably long passwords).

 

[Harlan Grove]

JoAnn Paules [MSFT MVP] wrote...

You mean that's what they *say* is the situation. I'm a skeptic. If it was
that situation, I'd think there'd have been some mention of the situation.
But when I read "What do you think of this password crack?" or "Where can I
find a free crack?", I don't immediately think, "Gee, some poor employer is
getting done over by a disgruntled former employee!"

....

Some requests are obviously illegal, e.g., "where can I download Office
for free?" When I feel like replying to those requests, I point out
they're illegal. Password cracking isn't necessarily illegal. Why
assume OPs have illegal intent?

 

[David R. Norton MVP]

Password cracking isn't necessarily illegal. Why assume OPs have illegal
intent?

Why assume they don't have illegal intent? It seems to me you'd have to at
least consider the possibility of illegal intent and there's no way to tell
on Usenet if you're being told the truth or a story, is there?

 

[Harlan Grove]

David R. Norton MVP wrote...

Why assume they don't have illegal intent? It seems to me you'd have to at
least consider the possibility of illegal intent and there's no way to tell
on Usenet if you're being told the truth or a story, is there?

No, there's no way to prove anyone else's intentions, on Usenet or in
the real world. So does one walk around assuming everyone else is a
criminal?

so, for those whose first impression is that everyone else is a
criminal, how should one deal with the OP's request? Certainly not
provide the requested advice. That won't do! Remain silent (i.e., just
don't reply)? For the busy-body sorts, that won't do either! The
obvious answer is to become a net-nanny! How silly of me not to have
realized that.

 

[JE McGimpsey]

What benefit to anyone is there in presuming illegal intent, given that
the cracks are commonly available and cheap? Especially since the OP, in
this case, presumably used his real name and address, despite MS's
warnings not to?

If one presumes illegal intent, what should be done about such posts -
does one have a duty to report solicitation to commit a crime? To what
jurisdiction? Does one also have to report anyone who answers as a
co-conspirator?

IMO, it's better to freely admit that Office document protection schemes
are not secure, and direct people to the available information. At the
very least, being honest about the "security" of Office documents may
educate the OP and lurkers that they shouldn't rely on Office protection
for documents in which confidentiality is important.

The presumption of illegal intent simply slows, or prevents, the ability
of legitimate users to recover documents.

 

[David R. Norton MVP]

David R. Norton MVP wrote...

No, there's no way to prove anyone else's intentions, on Usenet or in
the real world. So does one walk around assuming everyone else is a
criminal?

No, but one should consider the possibility.

so, for those whose first impression is that everyone else is a
criminal, how should one deal with the OP's request? Certainly not
provide the requested advice. That won't do! Remain silent (i.e., just
don't reply)? For the busy-body sorts, that won't do either! The
obvious answer is to become a net-nanny! How silly of me not to have
realized that.

How silly of you to have posted the above idiocy. The sensible response
would be to tell the OP to contact a local computer shop who can send someone
on site, verify the legitimacy of the request and act accordingly.

 

[Harlan Grove]

David R. Norton MVP wrote...
....

How silly of you to have posted the above idiocy. The sensible response
would be to tell the OP to contact a local computer shop who can send someone
on site, verify the legitimacy of the request and act accordingly.

....

MVP stading for most vacuous posting?

The OP wanted to save money. A housecall from a local computer shop
would save the OP money?

Who's posting idiocy?!

 

[David R. Norton MVP]

David R. Norton MVP wrote...
...
...

MVP stading for most vacuous posting?

The OP wanted to save money. A housecall from a local computer shop
would save the OP money?

Who's posting idiocy?!

You are. Again...

 

[Harlan Grove]

David R. Norton MVP wrote...

You are. Again...

Fine. I'm the idiot who realizes that honest people seeking to save
money wouldn't bother to follow your oh so sensible advice, and
criminals with half a brain more than you wouldn't bother for different
reasons.

You're the genius who believes money is no object after the OP has
indicated that it is. Apparently you know what the OP wants/needs
better than the OP himself. You must be able to provide detailed
responses to posting with just the word Help in the subject line and no
body, too.

If you want to call what I'm writing idiocy, go ahead. Definitions in
Usenet is maleable. Myself, I'd call it scorn.

 

[David R. Norton MVP]

What benefit to anyone is there in presuming illegal intent, given that
the cracks are commonly available and cheap?

OK, so the availability of Office 2003 in Warez groups means that robbing
the legitimate publisher of the software is all right?

I can't see the ready availability of cracks is justification for using
them.

Especially since the OP, in this case, presumably used his real name and
address, despite MS's warnings not to?

And how do you know he used his real name? I notice while you're defending
him you use the word "presumably" so is it possible you also have some
doubts?

IMO, it's better to freely admit that Office document protection schemes
are not secure, and direct people to the available information.

MHO differs from yours. Next next time I see some disreputable person trying
to open a new luxury car with a coat hanger should I just assume it's his car
and he has a right to it? Isn't that pretty similar to what you're saying?

 

[Echo S]

MHO differs from yours.

IMO, we should call a halt to this thread. It isn't helping the original
poster at all.

 

[JoAnn Paules [MSFT MVP]]

I did say I was a skeptic. And I never said that this particular poster said
anything about a situation. All I did was state my opinion. And you stated
yours. That's cool. The world would be boring if everyone agreed with me.
I'd have to change my mind about things - and then so would everyone else.
ARGH!!!

 

[JoAnn Paules [MSFT MVP]]

Excellent advice, David! But of course, no one ever wants to actually pay
for such services.

--

JoAnn Paules
MVP Microsoft [Publisher]



(snip)

 

[JE McGimpsey]

And I never said that this particular poster said anything about a
situation.

Sorry - it appeared to me that your statement was directed at the OP. I
see now that it was in response to Harlan's straw man. My apologies.

You did, however, rather strongly imply that the OP didn't have the
right to "break into" the file, though you also qualified it with
"maybe".