Author: nick Date: Thu Aug 10 12:43:16 2017 New Revision: 1804667 URL: http://svn.apache.org/viewvc?rev=1804667&view=rev Log: Add an example of trying multiple passwords against an OOXML file. More a demo than anything, GPU enabled tools are much faster!
Added: poi/trunk/src/examples/src/org/apache/poi/crypt/examples/OOXMLPasswordsTry.java (with props) Added: poi/trunk/src/examples/src/org/apache/poi/crypt/examples/OOXMLPasswordsTry.java URL: http://svn.apache.org/viewvc/poi/trunk/src/examples/src/org/apache/poi/crypt/examples/OOXMLPasswordsTry.java?rev=1804667&view=auto ============================================================================== --- poi/trunk/src/examples/src/org/apache/poi/crypt/examples/OOXMLPasswordsTry.java (added) +++ poi/trunk/src/examples/src/org/apache/poi/crypt/examples/OOXMLPasswordsTry.java Thu Aug 10 12:43:16 2017 @@ -0,0 +1,119 @@ +/* + * ==================================================================== + * Licensed to the Apache Software Foundation (ASF) under one or more + * contributor license agreements. See the NOTICE file distributed with + * this work for additional information regarding copyright ownership. + * The ASF licenses this file to You under the Apache License, Version 2.0 + * (the "License"); you may not use this file except in compliance with + * the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + * ==================================================================== + */ + +package org.apache.poi.crypt.examples; + +import java.io.BufferedReader; +import java.io.Closeable; +import java.io.File; +import java.io.FileReader; +import java.io.IOException; +import java.io.InputStream; +import java.security.GeneralSecurityException; + +import org.apache.poi.poifs.crypt.Decryptor; +import org.apache.poi.poifs.crypt.EncryptionInfo; +import org.apache.poi.poifs.filesystem.POIFSFileSystem; + +/** + * Tries a list of possible passwords for an OOXML protected file + * + * Note that this isn't very fast, and is aimed at when you have + * just a few passwords to check. + * For serious processing, you'd be best off grabbing the hash + * out with POI or office2john.py, then running that against + * "John The Ripper" or GPU enabled version of "hashcat" + */ +public class OOXMLPasswordsTry implements Closeable { + private POIFSFileSystem fs; + private EncryptionInfo info; + private Decryptor d; + + private OOXMLPasswordsTry(POIFSFileSystem fs) throws IOException { + info = new EncryptionInfo(fs); + d = Decryptor.getInstance(info); + this.fs = fs; + } + private OOXMLPasswordsTry(File file) throws IOException { + this(new POIFSFileSystem(file, true)); + } + private OOXMLPasswordsTry(InputStream is) throws IOException { + this(new POIFSFileSystem(is)); + } + + public void close() throws IOException { + fs.close(); + } + + public String tryAll(File wordfile) throws IOException, GeneralSecurityException { + // Load + BufferedReader r = new BufferedReader(new FileReader(wordfile)); + long start = System.currentTimeMillis(); + int count = 0; + + // Try each password in turn, reporting progress + String valid = null; + String password = null; + while ((password = r.readLine()) != null) { + if (isValid(password)) { + valid = password; + break; + } + count++; + + if (count % 1000 == 0) { + int secs = (int)((System.currentTimeMillis() - start) / 1000); + System.out.println("Done " + count + " passwords, " + + secs + " seconds, last password " + password); + } + } + + // Tidy and return (null if no match) + r.close(); + return valid; + } + public boolean isValid(String password) throws GeneralSecurityException { + return d.verifyPassword(password); + } + + public static void main(String[] args) throws Exception { + if (args.length < 2) { + System.err.println("Use:"); + System.err.println(" OOXMLPasswordsTry <file.ooxml> <wordlist>"); + System.exit(1); + } + File ooxml = new File(args[0]); + File words = new File(args[1]); + + System.out.println("Trying passwords from " + words + " against " + ooxml); + System.out.println(); + + OOXMLPasswordsTry pt = new OOXMLPasswordsTry(ooxml); + String password = pt.tryAll(words); + pt.close(); + + System.out.println(); + if (password == null) { + System.out.println("Error - No password matched"); + } else { + System.out.println("Password found!"); + System.out.println(password); + } + } +} Propchange: poi/trunk/src/examples/src/org/apache/poi/crypt/examples/OOXMLPasswordsTry.java ------------------------------------------------------------------------------ svn:eol-style = native --------------------------------------------------------------------- To unsubscribe, e-mail: commits-unsubscr...@poi.apache.org For additional commands, e-mail: commits-h...@poi.apache.org