6

I have a long password for an old .odt password-protected document. I am using that password for other purposes so that I am sure that was the initial password of that odt document.

But I have modified very slightly that password for that document and now, because I haven't used that document for years, I have forgotten what exactly that change was. (It seemed so easy to remember when I did it because I was very sure I would not lose the "initial" password etc.)

Is there a way to "crack" that .odt password given the fact that I have a very similar one at hand?

AdminBee
  • 21,637
  • 21
  • 47
  • 71
cipricus
  • 1,386
  • 13
  • 42

1 Answers1

8

Try with John The Ripper extracting the hash using libreoffice2john FILE > odt.hash

Then you'll have to descript the best of your knowledge about the possible password before using john to brute force. (The less uncertainties you leave opened, the lower the processing power needed.

If you can list the possible passwords into a file then simply

john --wordlist=the_pathname_of_list --fork=CORES odt.hash

But there are just many other options that you can use if you know much less such as, for example, iterating over all passwords consisting of numbers, as well as uppercase and lowercase letters, from 1 to 8 characters long:

john --fork=CORES -1=?l?u?d --mask='?1' --min-length=1 --max-length=8 odt.hash

At least, this will provide a good test of your cooling system :-)

MC68020
  • 6,281
  • 2
  • 13
  • 44
  • 1
    ^^ This.... But you could elaborate a bit more: OP needs to put the original password in a file and use `--wordlist=file` and `--rules` option. Might also want to [adapt the rules file](https://www.openwall.com/john/doc/RULES.shtml). – pLumo Jun 08 '22 at 09:20
  • 1
    and it highlights why "slight variations of the same complex password" are, in many scenarios, worse than having different easier passwords: You lose that password once, *all* your documents become quick to crack :/ And losing a password that you use for many things is much more likely (because you're not the one that loses password – it's the services you use getting your password). – Marcus Müller Jun 08 '22 at 09:22
  • `Invalid option parameter: "--fork=CORES"` --? – cipricus Jun 08 '22 at 12:45
  • 1
    @cipricus : Simply replace CORES with the number of threads you accept running in //. – MC68020 Jun 08 '22 at 12:59
  • This odt is made with LOffice 7+, and it seems affected by [libreoffice2john does not work with LibreOffice 7.*](https://github.com/openwall/john/issues/4392). Testing with a file created with 5.3 version (appimage) I don´t see the error, so this might be it, which seems solved by [this](https://github.com/openwall/john/issues/4392#issuecomment-703296113) solution. Could you still bear with my ignorance and tell me what does that solution mean exactly? – cipricus Jun 08 '22 at 15:04
  • In fact I seem to have solved that: replacing `3`with `4` in that line (and nothing else) but `john --wordlist=list.txt --fork=2 odt.hash` says `No password hashes loaded (see FAQ)`. – cipricus Jun 08 '22 at 15:27
  • As an added bonus, use john's word mangling capabilities: `john --wordlist=input.txt --rules --stdout` to get common variations of your original password (e.g. "Myoriginalpassword1", "myoriginalpassword!", "myoriginalpassworD", and so on). – r_31415 Jun 14 '22 at 00:08