Cracking Worksheet Tes

[Clara Zellinger]

Itried writing a vba password cracker code similar to the code I used to crack Excel sheet's password But I am not sure if I am doing correctly or not - when i tried this code it prompted me for password but no password was entered to the text input box.

The reason your code is not executing properly is because you are attempting to execute a macro on a password protected execel file, which is not permitted. This is due to the fact that macros will not execute on an excel workbook until the password is entered - thus the prompt for a password before you can execute your macro code.

If you are trying to access the workbook, not the worksheet, there are a variety of ways in versions 2003 and earlier. After a quick perusual, this blogspot Code Samples entry appears to have a working version for unprotecting a 2003 workbook.

The Excel worksheet password protection works by converting the input password to a hash and stores it. A hash is a one-way algorithm that crunches up the bits, losing some information along the way, but generating a fingerprint of the original data. Because of the loss of data, it is impossible to reverse a hash to get the original password, but in the future if someone types in a password it can be hashed and compared against the stored hash. This (usually) makes it more secure than simply storing the password as a string to compare against.

This method is also backwards compatible so it's another way to break the older proprietary md5 sheet protection rather than cracking it. Simply save-as from a .xls version to a .xlsx version before you try it.

If the VBA don't work because you have new excell just save as the file in compatabile with excell 2003, and if asked for extra security choose no.Then all with vsb and one usable password will be AAAAAAAAA :D

We use Eventbrite to manage event bookings. If you view or interact with this content, Eventbrite may store cookies on your device for functional, analytical or targeting purposes. Please accept cookies to book your place, or visit the event listing at Eventbrite.

This content is provided by " + networkList[key] + ". If you view or interact with this content " + networkList[key] + " may store cookies on your device for functional, analytical or targeting purposes. Please accept cookies to use this content.

These write-on worksheets will ask learners to use their knowledge of cracking hydrocarbons in an applied context. Calculation questions are included to give opportunities to practise mathematical skills within this topic. Foundation and higher level worksheets are available and fully editable versions give you the flexibility to select the questions most relevant to a particular lesson. The teacher versions (also editable) give answers to all questions.

So is using a long passphrase generally better than using a complex password? And even if passphrases are better, how would you convince your colleagues and managers of this fact? The above spreadsheet can help settle the issue and convince others that it's time to leave passwords to the dustbin of history. The spreadsheet is in the public domain and can be found in the SEC505 zip file at BlueTeamPowerShell.com along with many other folders and files. The spreadsheet is named "Passphrase_Length_vs_Complexity.xls" and is located in the Extras folder of the SEC505 zip.

This spreadsheet can be added to the "passphrase vs. password debate" that's been around for some time now (see here, here and here) and earlier versions of this spreadsheet have been a part of the Windows Track at SANS for many years.

In the red cells of the spreadsheet you enter your assumptions about your adversaries and your users: How many machines are they running in parallel to crack your passwords? What is the brute-force guessing rate of each machine, e.g., are they using the GPUs from multiple video cards to accelerate the cracking? How many non-alphanumeric characters are your users likely (or required) to use? Do your adversaries know what your minimum password length policy is? And, finally, what percentage of the total number of possibilities (the keyspace) will your adversaries have to search before they crack the password?

That last assumption is intended to account for expert systems or AI password crackers which can use information about your demographics, interests, credit card purchases, psychology, etc. to help improve the guessing. We don't need to know the details of how such systems work, but the net result of using them must be a reduction in the time/space necessary to crack the password or else the AI system would be counter-productive, hence, the spreadsheet tries to accomodate for this by allowing you to reduce the number of password guesses to hash as a percentage of the total possible. For example, if you set the "Percentage Of Keyspace To Be Searched" to 1%, then the AI system will not need to hash 99% of the possible passwords in order to crack your password hash. Of course, we're not talking about popular password cracking tools like L0phtCrack, Cain or John The Ripper, we're talking about cracking systems designed by governments or large corporations for their own "internal" use. If you want to be generous to the popular off-the-shelf crackers, set the percentage to 50% (the smaller the percentage number the more optimistic you are about the effectiveness of the AI and the shorter the amount of time necessary to successfully complete the cracking).

As you move down the rows, the number of characters or words in your password increases. As you move horizontally across the columns, the complexity of your password increases. In the cells in the middle are the maximum number of days, given your cracking assumptions in the red boxes, it would take to perform a 100% exhaustive brute-force crack of the password. To estimate the average number of days, then, cut that number in half. (If I get around to it, I'll make a different spreadsheet for the space requirements for a rainbow tables attack instead of time requirements like this one, but this has already been pretty well worked over.)

Password complexity is good, no doubt about it, but passphrase length is much better. For any given set of assumptions in the red cells of the spreadsheet, as you move horizontally across the spreadsheet to the right (as we increase complexity) the number of days necessary to crack increases, which is good, but as you move down the spreadsheet (as we increase length) the rate of increase in cracking days required grows even faster. In general, then, adding more length is better than adding more complexity. Passphrase hashes are generally much more resilient against cracking than complex-password hashes.

If your password or passphrase is 15 characters in length or longer, the LanManager hash of your password is no longer stored in Active Directory or in the local SAM accounts database (there is also a Group Policy option to enforce this, no matter what the length). LanManager hashes are easy to crack, so getting rid of them is good.

A passphrase which is funny, shocking, outrageous, etc. is much easier to memorize than a random-looking password, hence, random passwords are more likely to be written down on a piece of paper kept near the computer or in the laptop case. A passphrase which looks like a regular note to oneself, like "dont farget to buy choc Milk", isn't obviously a secret passphrase, so if it is written down and kept in the laptop case (not recommended) then it's less likely that a thief will figure out what the note is for, especially if you add some distractors to the note like a doodle, a meeting date, phone number, etc. Also, I personally always make the last character of my passphrases a space character, which is not indicated on any piece of paper I might write that passphrase on (or, if I'm feeling paranoid, I make it a non-western Unicode character).

In general, it takes less time to type a 20-character passphrase than a 10-character random password. I can't prove this, it's not like I've done controlled experiments at conferences, but try it yourself: do you hunt-and-peck, look at the keyboard or simply type slower when typing in a string of random non-alphanumeric symbols? Even if you are an expert typist, most regular users are not.

Other things in Windows are secured by your password. For example, the strength of the encryption on your PPTP VPN is partly a function of the quality of your password, so use a long passphrase with misspellings instead of a short randomish password (even better, user certificate-based authentication, or better still, use smart card authentication with IPSec). Your private keys to your public key certificates, such as for S/MIME e-mail, EAP-TLS WPA wireless and EFS files, are encrypted with your passphrase and other bits, so the longer the passphrase the better the encryption on your private keys. If you're using a boot-up System Key (managed with SYSKEY.EXE) then a passphrase will be harder to crack than a password, and the System Key encrypts other password hashes in the local or Active Directory database, the LSA secrets in the registry, private keys to digital certificates, and some other stuff. And what about cached browser passwords, wireless WPA-PSK passwords, passwords for scheduled jobs, locally cached credentials for domain logon, and all the other ways in which Windows interacts with passwords? In general, we often don't know the details of how well or poorly Windows secures these secrets, so in general it's probably better to use a passphrase instead of password whenever we can.

Users will often use the same password to log onto their desktops as they use to log into Amazon, eBay, PayPal and everywhere else they have to type in a password (phishing issues then become problems for your corporate network). If you require a passphrase at work, then most users will probably go back to choosing a different short non-random password for everything else, which is good for you, bad for them. On the other hand, include in your security awareness training program an exercise on how to use free password manager applications like KeePass, and then train them to use a good passphrase to secure the KeePass database.

3a8082e126