Is it possible to attack a Word 2003 doc with a 128 bits RC4 key ? ($oldoffice $4)

[lionbladerunner]

Hello guys,

So I have this old Word 2003 file that I forgot the password of. I tried numerous way to recover the password, but with no success so far.

A fellow hashcat user shared with me the method https://hashcat.net/forum/thread-3665.html which consist of attacking the RC4 key, instead of the password itself.

The thing is, my document is an $oldoffice$4 with SHA1 + 128 bits RC4, while the oldoffice 1, 2 and 3 have a 40 bits RC4, so the method described in the post doesn't work.

My question is : since Word 2003 is a nearly 20 years old format, are there other know vulnerabilities that I can exploit to get access to the file without knowing the password ?

[marc1n]

You can't break a hash with a vulnerability, try using john the ripper maybe it will help https://www.openwall.com/john/

[lionbladerunner]

You can't break a hash with a vulnerability, try using john the ripper maybe it will help https://www.openwall.com/john/

Thanks, I installed john the ripper and looked at the documentation, but it looks like an inferior version of hashcat, and doesn't seem capable of exploiting any vulnerabilities.

Am I missing something ?

[marc1n]

You can't break a hash with a vulnerability, try using john the ripper maybe it will help https://www.openwall.com/john/

Thanks, I installed john the ripper and looked at the documentation, but it looks like an inferior version of hashcat, and doesn't seem capable of exploiting any vulnerabilities.

Am I missing something ?

Programmes such as hashcat or john do not exploit the vulnerabilities or gaps found. They only break hashes.