Archive for the ‘Password Cracking’ Category

Cracking hashes using findmyhash

January 24, 2012 Leave a comment

Hashcat is the definitely tool to use for cracking hashes. It might be highly possible that the hash might have been cracked by others online.

Therefore, it might be more convenient to perform a lookup using the online free services before even trying to crack the hash with Hashcat.

findmyhash is a very useful tool for cracking the hashes using free online services.

Most of the password dumps have been appearing on websites like and it makes it even more useful if findmyhash is able to find and crack md5/sha1 hashes located in a website link like pastebin. I have submitted a patch to for this new feature.

If you do not feel comfortable with another party knowing about the hashes, you should skip using findmyhash all together and dive straight to hashcat instead.

Read more…

Excel Password Cracker

November 20, 2009 Leave a comment

I wrote an excel password cracker in Java.

There are a couple of password protections in Excel 2003
1. File encryption password – To protect file from viewing
2. File sharing password – To protect file from modification
3. Excel worksheet/workbook protection – To protect the cells and objects on a worksheet from modification

The java code uses Apache Jakarta for extracting the password hashes.
An executable version can also be found on my google project site.

This tool currently only brute forces the (3) excel worksheet/workbook protection password.

There are a large number of collisions for the worksheet/workbook protection password hash.
Therefore, it is possible to use a different password to unprotect the worksheet/workbook.
This speeds up the brute forcing process significantly.

I am still working on the code for brute forcing the file password hashes.

I might also be working on a tool to generate the rainbow tables for excel password hashes.

The code can be found at

If you are interested in working with me on this project, do drop me an email at keithlee2012[at] or buzz me on twitter @keith55

Categories: Password Cracking