Tek-Tips is the largest IT community on the Internet today!
Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!
-
Congratulations derfloh on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!
Cracking Passwords 4
- Thread starter lothadio
- Start date
-
1
- #3
Look at the following link. They have a demo version that will provide you the first two characters of the password. Maybe that will remind you what the password was...
Terry M. Hoey
Terry M. Hoey
-
3
- #4
Chance1234
IS-IT--Management
Function AccessPassword(ByVal Filename As String) As String
Dim MaxSize, NextChar, MyChar, secretpos, TempPwd
Dim secret(13)
secret(0) = (&H86)
secret(1) = (&HFB)
secret(2) = (&HEC)
secret(3) = (&H37)
secret(4) = (&H5D)
secret(5) = (&H44)
secret(6) = (&H9C)
secret(7) = (&HFA)
secret(8) = (&HC6)
secret(9) = (&H5E)
secret(10) = (&H28)
secret(11) = (&HE6)
secret(12) = (&H13)
secretpos = 0
Open Filename For Input As #1 ' Open file for input.
For NextChar = 67 To 79 Step 1 'Read In Encrypted Password
Seek #1, NextChar ' Set position.
MyChar = Input(1, #1) ' Read character.
TempPwd = TempPwd & Chr(Asc(MyChar) Xor secret(secretpos)) 'Decrypt using Xor
secretpos = secretpos + 1 'increment pointer
Next NextChar
Close #1 ' Close file.
AccessPassword = TempPwd
MsgBox AccessPassword
End Function
Dim MaxSize, NextChar, MyChar, secretpos, TempPwd
Dim secret(13)
secret(0) = (&H86)
secret(1) = (&HFB)
secret(2) = (&HEC)
secret(3) = (&H37)
secret(4) = (&H5D)
secret(5) = (&H44)
secret(6) = (&H9C)
secret(7) = (&HFA)
secret(8) = (&HC6)
secret(9) = (&H5E)
secret(10) = (&H28)
secret(11) = (&HE6)
secret(12) = (&H13)
secretpos = 0
Open Filename For Input As #1 ' Open file for input.
For NextChar = 67 To 79 Step 1 'Read In Encrypted Password
Seek #1, NextChar ' Set position.
MyChar = Input(1, #1) ' Read character.
TempPwd = TempPwd & Chr(Asc(MyChar) Xor secret(secretpos)) 'Decrypt using Xor
secretpos = secretpos + 1 'increment pointer
Next NextChar
Close #1 ' Close file.
AccessPassword = TempPwd
MsgBox AccessPassword
End Function
MichaelRed
Programmer
O.K. what don't I understand. What 'filename' is used for the input?
All I get is some gibberish ("High AZSCII"
sTUUUUUUUFFFFFff
It HAS to be me, but what part of ME don't I understand?
MichaelRed
m.red@att.net
There is never time to do it right but there is always time to do it over
All I get is some gibberish ("High AZSCII"
sTUUUUUUUFFFFFffIt HAS to be me, but what part of ME don't I understand?
MichaelRed
m.red@att.net
There is never time to do it right but there is always time to do it over
mswilson16
Programmer
I am not sure how to use this code. Would it be possible for you to explain in a bit more detail please?
petermeachem
Programmer
Michael, I assume you run this from somewhere else and the filename is the access database. It this works, it's crap security isn't it. Peter Meachem
peter@accuflight.com
peter@accuflight.com
Peter,
Yes, this is run from another .mdb. And it works, the same code with slightly different syntax was posted here about a year ago. But the 'database password' was never meant to be any more than cursory security to keep out the causal user. I'm more interested if this company has cracks for user-level security. Their website shows a screen shot with user-level security broken, but the 'demo' curiously doesn't demo that pariticular gem. Plus, they want $350 for the 'full' tool, which I guess is the one that cracks user level security.
The data that I (and I would hope anyone) secures with Access is never so critical that a breach would be devastating--else we wouldn't be using Access for that data. However, some of it in my case is data that I and the clients would very very much prefer the users not see, but the vast majority of my Access user-level security is to keep users from messing with the forms, reports, code, etc. If one of my users wants to mess with my forms so bad that they'll spend $350 to do so, then c'est la vie.
--Jim
Yes, this is run from another .mdb. And it works, the same code with slightly different syntax was posted here about a year ago. But the 'database password' was never meant to be any more than cursory security to keep out the causal user. I'm more interested if this company has cracks for user-level security. Their website shows a screen shot with user-level security broken, but the 'demo' curiously doesn't demo that pariticular gem. Plus, they want $350 for the 'full' tool, which I guess is the one that cracks user level security.
The data that I (and I would hope anyone) secures with Access is never so critical that a breach would be devastating--else we wouldn't be using Access for that data. However, some of it in my case is data that I and the clients would very very much prefer the users not see, but the vast majority of my Access user-level security is to keep users from messing with the forms, reports, code, etc. If one of my users wants to mess with my forms so bad that they'll spend $350 to do so, then c'est la vie.
--Jim
MichaelRed
Programmer
I guess it's "Me Bad" time. I jumped (lept - without a glance?) at the conclusion w/o reading. It does DATABASE level password and (Rather OBVIOUSLY) NOT User Level security.
Well at least I can make it through the night with SOME level of comfort. Not EVERYTHING ever protected is available to the universe for the taking.
MichaelRed
m.red@att.net
There is never time to do it right but there is always time to do it over
Well at least I can make it through the night with SOME level of comfort. Not EVERYTHING ever protected is available to the universe for the taking.
MichaelRed
m.red@att.net
There is never time to do it right but there is always time to do it over
Michael,
Bad news. I contacted the company, they emailed me and it *does* do user-level security. They will get back to me on the price. I did the demo and it indeed returned the first 2 letters of my user-level security. SO....
I too had serious concerns of this. But, since the pwds are in the .mdw--if you develop with a *separate* .mdw, you can keep the superuser password there, and it's impossible to find that password if they ('they' being the evil-doers with this new cracking tool) don't have the .mdw.
If you just have single permission levels per front-end .mdb (as I've found is often the most efficient and feasible) ie, the Order-Entry front end has only order-entry people using it, the Reporting front end is a different .mdb with different permission levels and the corresponding .mdw exists on those different user's pcs. Now you can have the low-leve (most restricted) user's .mdws on the network, and the higher permission level front-ends can have their .mdws on the individual pc's of those users. Or you could assign network permissions per OS user to the different .mdw files on the network, but the OS user isn't necessarily the same as the Access user, though in some cases this may be enough.
This requires a bit more administration since the complete solution is a separate .mdw for each permission level, on each machine. But it is the only way to keep things secure...the bar has been raised.
--Jim
Bad news. I contacted the company, they emailed me and it *does* do user-level security. They will get back to me on the price. I did the demo and it indeed returned the first 2 letters of my user-level security. SO....
I too had serious concerns of this. But, since the pwds are in the .mdw--if you develop with a *separate* .mdw, you can keep the superuser password there, and it's impossible to find that password if they ('they' being the evil-doers with this new cracking tool) don't have the .mdw.
If you just have single permission levels per front-end .mdb (as I've found is often the most efficient and feasible) ie, the Order-Entry front end has only order-entry people using it, the Reporting front end is a different .mdb with different permission levels and the corresponding .mdw exists on those different user's pcs. Now you can have the low-leve (most restricted) user's .mdws on the network, and the higher permission level front-ends can have their .mdws on the individual pc's of those users. Or you could assign network permissions per OS user to the different .mdw files on the network, but the OS user isn't necessarily the same as the Access user, though in some cases this may be enough.
This requires a bit more administration since the complete solution is a separate .mdw for each permission level, on each machine. But it is the only way to keep things secure...the bar has been raised.
--Jim
I've been using Passware from lostpassword.com for a couple of years. They have a package that will break the passwords on most any program that uses one. It will give you all the information stored in the .mdw security file (Group info and User Passwords). This covers "Database Level" and "User Level" security. I only use it to recover lost passwords (especially Excel passwords) for the many users we have within the company I work for. It is illegal to break into a secured database without the permission of the owner of the app.
RDH Ricky Hicks
Birmimgham, Alabama
RDH Ricky Hicks
Birmimgham, Alabama
- Thread starter
- #16
rhicks
Is it possible that you could share your lostpassword.com software with me for a one time use? I cannot afford to by this direct as of now, I am trying to get a business of the ground and the guy who was suppose to be my partner changed all the passwords on my client list(ACCESS 97) and stole my laptop with my copy of the database, I cannot do anything without this data, I am very desperate and would appreciate your help
Thanks for your help n advance
Christopher
Is it possible that you could share your lostpassword.com software with me for a one time use? I cannot afford to by this direct as of now, I am trying to get a business of the ground and the guy who was suppose to be my partner changed all the passwords on my client list(ACCESS 97) and stole my laptop with my copy of the database, I cannot do anything without this data, I am very desperate and would appreciate your help
Thanks for your help n advance
Christopher
Christopher .....
If you indeed are authorized to open this secured database, I will be happy to give you hand.
If this is Access User Level Security ............
Hopefully you still have a copy of the security file (.mdw), if you don't ... you are in trouble.
Email me a copy of the .mdw security file. I will email you back all the UserName, GroupInfo, and Passwords.
Again ... "Please don't ask me to do something illegal".
rdhicks@mindspring.com
RDH
Ricky Hicks
Birmimgham, Alabama
If you indeed are authorized to open this secured database, I will be happy to give you hand.
If this is Access User Level Security ............
Hopefully you still have a copy of the security file (.mdw), if you don't ... you are in trouble.
Email me a copy of the .mdw security file. I will email you back all the UserName, GroupInfo, and Passwords.
Again ... "Please don't ask me to do something illegal".
rdhicks@mindspring.com
RDH
Ricky Hicks
Birmimgham, Alabama
- Status
