Microsoft PowerPoint’s Funny Read-only Protection Bypass

The Prologue

@paranoidninja created a PPT file in Microsoft Windows PowerPoint 2016 for his presentation on Botnet Development at Defcon 9111. And decided to upload the file on our website by applying restriction on the file so that readers can only view the slideshow but not modify the content.

We followed a similar way from Microsoft’s website.

Link- https://support.microsoft.com/en-us/help/278566/password-to-modify-a-presentation-is-required-when-you-open-the-presen

Let’s restrict the content modification!

This is how we applied the restriction:

  • Go to File>> Save As >> More Options

  • Go to General Options

Set a password to modify.

Now, there are two options:

  • Password to open
  • Password to modify

As we want our readers to open the file but not modify the content, so we selected second option. (Password to modify) and saved the file.

  • Now if you open the file, it asks for the password. If you want to modify, enter password. Or open in “Read Only” mode. When you click on “Enable Editing”, it again asks for the password.

Here comes the funny part. Let’s remove the Restriction:

Change the file extension from .pptx to .zip and open the archive, go to ppt directory.

Open the file presentation.xml

Now remove this piece of code starting from <p:modifyVerifier crytProviderType………….”/>

Save the file. And rename the .zip back to .pptx

Now, open the .PPTX file and you can edit it.

You can find the PPT file (with modification restriction 😉 ) inside the dossier section.

In this section, we will share our random findings and funniest security implementations. Post you opinions below in the comments area.

Security Engineer || Windows System Administrator || Researching on Active Directory attacks. Twitter ID is @WinsaafMan

Tags: , ,

Winsaaf Man

Security Engineer || Windows System Administrator || Researching on Active Directory attacks. Twitter ID is @WinsaafMan

2 comments

Leave a Reply

Your email address will not be published. Required fields are marked *

*