Password recovery (cracking) of protected Office documents such as Word (doc/docx) or Excel (xls/xlsx) can be achieved by simply guessing the password. No this is not a joke. Guessing the password is the only way to crack the hash. However, you can do better than typing in thousands of passwords by hand. Using password recovery tools such as John the Ripper (jtr) or cudaHashcat simple passwords crumble when attacked.
Try our free online password recovery tool below to quickly determine if a password protected document has a weak password. Number of attempts at recovering the passwords will depend on the version of Microsoft Office the document was saved in. The number of passwords tested will be millions for older versions of Office such as Office 97/2003 or only a few thousand in later versions of Microsoft Office 2013 / 2016.
Digging into the Process of Office Password Recovery
The two password recovery tools mentioned above are both open source and freely available. They are also the worlds most advanced password cracking tools.
John the Ripper (community contributed version) can be used to attack a range of different types of password hashes. CudaHashcat utilizes GPU cores to brute force hashes as fast as possible. Both of these tools extract the hash from the first part of the Office document, this hash is then the key that is attacked in order to guess the password for the document.
Essential the tools work by generating hashes from known strings of characters (Password1, Password2, Password3) and seeing if the resulting hash matches the one in the document. If the hashes match then the password has been found. Using a large list of common passwords is the fastest way to find passwords as a large majority of people use non-complex combinations as their password.