Tek-Tips is the largest IT community on the Internet today!

Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!

  • Congratulations Chris Miller on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!

Cracking Passwords 4

Status
Not open for further replies.

lothadio

Programmer
Apr 5, 2001
27
SI
I forgot my access database password, Can anyone help me crack it? I have looked on the net for Password recovery software and cannot find any freeware. Please help I need my data for a client asap

Thanks
 
I don't have the exact code, but I've heard that there is a way to determine a user's password using the VBA SetPassword method. I don't remember the details, but a friend of mine has used it before.

Dave Robinder, MCSD
 
Function AccessPassword(ByVal Filename As String) As String
Dim MaxSize, NextChar, MyChar, secretpos, TempPwd
Dim secret(13)
secret(0) = (&H86)
secret(1) = (&HFB)
secret(2) = (&HEC)
secret(3) = (&H37)
secret(4) = (&H5D)
secret(5) = (&H44)
secret(6) = (&H9C)
secret(7) = (&HFA)
secret(8) = (&HC6)
secret(9) = (&H5E)
secret(10) = (&H28)
secret(11) = (&HE6)
secret(12) = (&H13)
secretpos = 0
Open Filename For Input As #1 ' Open file for input.


For NextChar = 67 To 79 Step 1 'Read In Encrypted Password
Seek #1, NextChar ' Set position.
MyChar = Input(1, #1) ' Read character.
TempPwd = TempPwd & Chr(Asc(MyChar) Xor secret(secretpos)) 'Decrypt using Xor
secretpos = secretpos + 1 'increment pointer
Next NextChar
Close #1 ' Close file.
AccessPassword = TempPwd
MsgBox AccessPassword
End Function


 
Wow Chance... I had to go test that out and it works GREAT!!! Terry M. Hoey
 
BTW, can I suggest that you make this into a FAQ? I have seen this same question a lot of times. (Not that they will look at the FAQ first, but we can send them there... Terry M. Hoey
 
O.K. what don't I understand. What 'filename' is used for the input?

All I get is some gibberish ("High AZSCII") sTUUUUUUUFFFFFff

It HAS to be me, but what part of ME don't I understand?

MichaelRed
m.red@att.net

There is never time to do it right but there is always time to do it over
 
I am not sure how to use this code. Would it be possible for you to explain in a bit more detail please?
 
This only does the database password...what about the user-level passwords?
--Jim
 
I'm guessing here - but this seems to work on Access97 databases, not Access2000. --------------
A little knowledge is a dangerous thing.
 
Michael, I assume you run this from somewhere else and the filename is the access database. It this works, it's crap security isn't it. Peter Meachem
peter@accuflight.com
 
Peter,
Yes, this is run from another .mdb. And it works, the same code with slightly different syntax was posted here about a year ago. But the 'database password' was never meant to be any more than cursory security to keep out the causal user. I'm more interested if this company has cracks for user-level security. Their website shows a screen shot with user-level security broken, but the 'demo' curiously doesn't demo that pariticular gem. Plus, they want $350 for the 'full' tool, which I guess is the one that cracks user level security.

The data that I (and I would hope anyone) secures with Access is never so critical that a breach would be devastating--else we wouldn't be using Access for that data. However, some of it in my case is data that I and the clients would very very much prefer the users not see, but the vast majority of my Access user-level security is to keep users from messing with the forms, reports, code, etc. If one of my users wants to mess with my forms so bad that they'll spend $350 to do so, then c'est la vie.
--Jim
 
I guess it's "Me Bad" time. I jumped (lept - without a glance?) at the conclusion w/o reading. It does DATABASE level password and (Rather OBVIOUSLY) NOT User Level security.

Well at least I can make it through the night with SOME level of comfort. Not EVERYTHING ever protected is available to the universe for the taking.

MichaelRed
m.red@att.net

There is never time to do it right but there is always time to do it over
 
Michael,
Bad news. I contacted the company, they emailed me and it *does* do user-level security. They will get back to me on the price. I did the demo and it indeed returned the first 2 letters of my user-level security. SO....

I too had serious concerns of this. But, since the pwds are in the .mdw--if you develop with a *separate* .mdw, you can keep the superuser password there, and it's impossible to find that password if they ('they' being the evil-doers with this new cracking tool) don't have the .mdw.

If you just have single permission levels per front-end .mdb (as I've found is often the most efficient and feasible) ie, the Order-Entry front end has only order-entry people using it, the Reporting front end is a different .mdb with different permission levels and the corresponding .mdw exists on those different user's pcs. Now you can have the low-leve (most restricted) user's .mdws on the network, and the higher permission level front-ends can have their .mdws on the individual pc's of those users. Or you could assign network permissions per OS user to the different .mdw files on the network, but the OS user isn't necessarily the same as the Access user, though in some cases this may be enough.

This requires a bit more administration since the complete solution is a separate .mdw for each permission level, on each machine. But it is the only way to keep things secure...the bar has been raised.
--Jim
 
I've been using Passware from lostpassword.com for a couple of years. They have a package that will break the passwords on most any program that uses one. It will give you all the information stored in the .mdw security file (Group info and User Passwords). This covers "Database Level" and "User Level" security. I only use it to recover lost passwords (especially Excel passwords) for the many users we have within the company I work for. It is illegal to break into a secured database without the permission of the owner of the app.

RDH Ricky Hicks
Birmimgham, Alabama


 
rhicks

Is it possible that you could share your lostpassword.com software with me for a one time use? I cannot afford to by this direct as of now, I am trying to get a business of the ground and the guy who was suppose to be my partner changed all the passwords on my client list(ACCESS 97) and stole my laptop with my copy of the database, I cannot do anything without this data, I am very desperate and would appreciate your help

Thanks for your help n advance

Christopher
 
Christopher .....

If you indeed are authorized to open this secured database, I will be happy to give you hand.

If this is Access User Level Security ............
Hopefully you still have a copy of the security file (.mdw), if you don't ... you are in trouble.

Email me a copy of the .mdw security file. I will email you back all the UserName, GroupInfo, and Passwords.

Again ... "Please don't ask me to do something illegal".

rdhicks@mindspring.com

RDH
Ricky Hicks
Birmimgham, Alabama


 
Status
Not open for further replies.

Part and Inventory Search

Sponsor

Back
Top