MS Access 2004/2007 Password Storage/Cracking RRS feed

  • Question

  • Hello -


    I am currently working on a research project for my undergraduate bachelors degree in computer science, and my topic is on database vulnerabilities.  Specifically, I am trying to develop an application (in C#) that will scan and possibly fix some common errors (like SQL injection attacks, buffer overflows, etc).  The first (and smallest) portion of my project is taking an Access database (that uses Access' password protection feature) and cracking the password.


    Basically I am trying to figure out how Access stores its passwords and how I should process in attacking the database.  Should I open it with an ADO connection, the Microsoft Access Object Library, etc?  I've tried searching the net for this type of information, but I can't seem to find anything useful.


    Any ideas?  I can assure you that this will be used strictly for educational purposes only.  Also, this is a time sensitive project so the quicker the responses, the better.  Thanks.



    K Caston

    Sunday, November 11, 2007 6:15 AM

All replies

  • I actually have a small update on my status.  I was able to use an OleDBConnection to test my passwords.  Basically, I am using a while loop over a dictionary (a list of words in a .txt file in a StreamReader) to test my passwords.  The connection string looks like:


    Code Block

    conn = new OleDbConnection(@"Provider=Microsoft.Jet.OLEDB.4.0;Data Source=" + filePath + ";Jet OLEDB:Database Password=" + currentPassword + ";");



    filePath is the path to an Access database specified by my program.  currentPassword refers tot he current line of text (password) that the SreamReader is at.  Now this works, but it is terribly slow.  Does anyone have any suggestions on how to greatly improve the performance of my application?  This is also just when I am using regular dictionary words - I expect my program to come to a grinding halt when I introduce permutations (speaking of which, does anybody have a good algorithm for computing those suitable for password cracking?).  Thanks everyone.
    Sunday, November 11, 2007 7:18 AM