Cracking password protected docs

  • Thread starter Thread starter dba_222
  • Start date Start date
D

dba_222

Dear experts,

I did something today, but now I'm having second thoughts.

I'm off to a trip to Italy. I found a hotel. I told them
that I'd call them with the number. But they emailed that they
need the number in writing. I could fax it if I wanted. Odd.

I opened an MS Word doc. I wrote the cc number in another doc,
and took a snagit screen shot of that. Then, I embedded the graphic
in the Word Doc, and password protected the Word Doc.

I called and told them the password, and emailed the document to them.


When I tried this before, I moved the file to Linux, and ran the
strings command to see if I could find anything, but didn't see any
strings that I recognized.

So tell me. Is what I did easily cracked?

I'm thinking that if they can guess the password, they could break
into the doc. Is it possible to see a graphic inside the word doc?

I'm sure it will keep the honest people out , but could a
determined hacker intercept the doc, and find the CC info?


Thanks a lot!
 
From: <[email protected]>

| Dear experts,
|
| I did something today, but now I'm having second thoughts.
|
| I'm off to a trip to Italy. I found a hotel. I told them
| that I'd call them with the number. But they emailed that they
| need the number in writing. I could fax it if I wanted. Odd.
|
| I opened an MS Word doc. I wrote the cc number in another doc,
| and took a snagit screen shot of that. Then, I embedded the graphic
| in the Word Doc, and password protected the Word Doc.
|
| I called and told them the password, and emailed the document to them.
|
| When I tried this before, I moved the file to Linux, and ran the
| strings command to see if I could find anything, but didn't see any
| strings that I recognized.
|
| So tell me. Is what I did easily cracked?
|
| I'm thinking that if they can guess the password, they could break
| into the doc. Is it possible to see a graphic inside the word doc?
|
| I'm sure it will keep the honest people out , but could a
| determined hacker intercept the doc, and find the CC info?
|
| Thanks a lot!

The ability or inability to crack the password using a password cracking tool will depend
upon the strength of the password used.
 
Dear experts,

I did something today, but now I'm having second thoughts.

I'm off to a trip to Italy. I found a hotel. I told them
that I'd call them with the number. But they emailed that they
need the number in writing. I could fax it if I wanted. Odd.

I opened an MS Word doc. I wrote the cc number in another doc,
and took a snagit screen shot of that. Then, I embedded the graphic
in the Word Doc, and password protected the Word Doc.

I called and told them the password, and emailed the document to them.


When I tried this before, I moved the file to Linux, and ran the
strings command to see if I could find anything, but didn't see any
strings that I recognized.

So tell me. Is what I did easily cracked?

I'm thinking that if they can guess the password, they could break
into the doc. Is it possible to see a graphic inside the word doc?

I'm sure it will keep the honest people out , but could a
determined hacker intercept the doc, and find the CC info?
Click to expand...

Google for ms-word password recovery --> 667,000 hits.
 
I opened an MS Word doc. I wrote the cc number in another doc,
and took a snagit screen shot of that. Then, I embedded the graphic
in the Word Doc, and password protected the Word Doc.

So tell me. Is what I did easily cracked?

I'm sure it will keep the honest people out , but could a
determined hacker intercept the doc, and find the CC info?
Click to expand...

Possibly, if any determined hacker was interested. However, your credit
card number is generally more likely to be disclosed by handing it to a
waiter or by someone reading your CC bill before or after you get it, than
by electronic transmission across the Internet with even an insecure
password.

Brute force cracking of Office 2000 and newer documents is close to
impossible, as long as you did not use an easy to guess password, and the
password is seven characters or longer. Almost all of the Office password
crackers on the Internet use this method and have this limitation.

However, Office docs may be vulnerable to someone clever blanking out the
password using a hex editor. Some versions of Office were definitely
vulnerable to this attack.
 
Dear experts,

We're not experts. We're a bunch of people on the internet who you
don't know, have no reason to trust, and mostly you can't verify any
credentials we claim to possess. Be very careful before taking
seriously any advice you get for free.

If you want high-quality advice, hire an information-security expert.
So tell me. Is what I did easily cracked?
Click to expand...

For some definition of 'easily', sure. You might not be able to do it,
but a twelve-year-old with the right Perl script probably could.
I'm sure it will keep the honest people out , but could a
determined hacker intercept the doc, and find the CC info?
Click to expand...

Yes.
 
Dear experts,

I did something today, but now I'm having second thoughts.

I'm off to a trip to Italy. I found a hotel. I told them
that I'd call them with the number. But they emailed that they
need the number in writing. I could fax it if I wanted. Odd.

I opened an MS Word doc. I wrote the cc number in another doc,
and took a snagit screen shot of that. Then, I embedded the graphic
in the Word Doc, and password protected the Word Doc.

I called and told them the password, and emailed the document to them.


When I tried this before, I moved the file to Linux, and ran the
strings command to see if I could find anything, but didn't see any
strings that I recognized.

So tell me. Is what I did easily cracked?

I'm thinking that if they can guess the password, they could break
into the doc. Is it possible to see a graphic inside the word doc?

I'm sure it will keep the honest people out , but could a
determined hacker intercept the doc, and find the CC info?


Thanks a lot!
Click to expand...


Honestly, you are better off using a fax. All encryption can be broken. It
really comes down to a measure of time. If you are nervous, call your
credit card company and ask them to issue you a new card as you "lost" your
old one (request they issue you a new cc number).

-- Imhotep
 
David said:
From: <[email protected]>

| Dear experts,
|
| I did something today, but now I'm having second thoughts.
|
| I'm off to a trip to Italy. I found a hotel. I told them
| that I'd call them with the number. But they emailed that they
| need the number in writing. I could fax it if I wanted. Odd.
|
| I opened an MS Word doc. I wrote the cc number in another doc,
| and took a snagit screen shot of that. Then, I embedded the graphic
| in the Word Doc, and password protected the Word Doc.
|
| I called and told them the password, and emailed the document to them.
|
| When I tried this before, I moved the file to Linux, and ran the
| strings command to see if I could find anything, but didn't see any
| strings that I recognized.
|
| So tell me. Is what I did easily cracked?
|
| I'm thinking that if they can guess the password, they could break
| into the doc. Is it possible to see a graphic inside the word doc?
|
| I'm sure it will keep the honest people out , but could a
| determined hacker intercept the doc, and find the CC info?
|
| Thanks a lot!

The ability or inability to crack the password using a password cracking
tool will depend upon the strength of the password used.
Click to expand...

Somewhat true. However, you forgot the most important piece, The encryption
algorithm used! Remember the first "encryption" program you write when
learning how to program the XOR "encryption" program (shortly after "hello
World")? It is "encryption", I guess, but easily cracked...

-- Imhotep
 
Dave,
The short answer is Yes..the password can be broken (not allot of effort,
but not entirely easy or fast either)
The long answer is: You have about a zero percent chance that someone
sniffed out your packets enroute to Italy. Why would they unless you are
concerned that a hacker has singled you out for packet sniffing (or some kid
working at your ISP that likes to monitor your email)
There are billions of emails rolling across the Internet every day. A hacker
would have to spend an awful lot of time reading emails, and by chance, come
across YOUR email to Italy. Pretty damned unlikely. If I were you, I would
sleep sound at night and not worry about this email compromising your credit
card. It's a whole lot easier for an unscrupulous Italian waiter to steal
your credit card number.

Sweet Dreams,
Bud
 
Back
Top