When editing files in Excel, if you do not want others to modify the file content, we usually add a password to the worksheet or workbook to protect the file.
What should we do if we download an Excel file from the Internet with a worksheet/workbook password protection and we urgently need to modify this file? Today, let's talk about the attack and prevention of the password in the Excel worksheet/Workbook. The so-called "no hardware shield, no shortest Spear", and the relationship between the spear and shield depends on how we deal with it. Okay. If you want to talk less, just sing on the board. How do I set the worksheet/workbook password? After creating an Excel worksheet, click "Protect" under the Tools menu> "protect worksheet/Workbook". In the displayed dialog box, set the password. Password settings are as complex as possible to prevent brute force cracking. At this point, the worksheet/workbook password has been set. Next we will start to explain how to crack this password. How can I crack this password? Note: It is best to back up data before cracking, to avoid accidents! Most people think of using software to crack passwords. Today we use VBA to crack passwords. Open the VBA editor. 1. Click Tools> macros> Visual Basic Editor to open the VBA editor. 2. In the Visual Basic Editor, click Insert-> module to insert a new module. Our code is written to this new module. 3. Copy the following code to the module without modifying any code.
| Option explicit Public sub allinternalpasswords ()
'Breaks worksheet and workbook structure passwords. Bob McCormick
'Bably originator of base code algorithm modified for coverage
'Of workbook structure/Windows passwords and for multiple passwords
'
'Norman Harker and je mcgimpsey 27-dec-2002 (Version 1.1)
'Modified 2003-apr-04 by JEM: All msgs to constants, and
'Eliminate one exit sub (version 1.1.1)
'Reveals hashed passwords not original passwords
Const dblspace as string = vbnewline & vbnewline
Const authors as string = dblspace & vbnewline &_
"Adapted from Bob McCormick base code "&_
"Norman Harker and je mcgimpsey"
Const header as string = "allinternalpasswords user message"
Const version as string = dblspace & "version 1.1.1 2003-apr-04" & vbcrlf & "beyondpc" & vbcrlf & "http://blog.sina.com.cn/beyondpc"
Const repback as string = dblspace & "Please report failure "&_
"To the Microsoft. Public. Excel. Programming newsgroup ."
Const allclear as string = dblspace & "the workbook shocould "&_
"Now be free of all password protection, so make sure you :"&_
Dblspace & "Save it now! "& Dblspace &" and also "&_
Dblspace & "backup !, Backup !!, Backup !!! "&_
Dblspace & "also, remember that the password was "&_
"Put there for a reason. Don't stuff up crucial formulas "&_
"Or data." & dblspace & "Access and Use of some data "&_
"May be an offense. If in doubt, don't ."
Const msgnopwords1 as string = "there were no passwords on "&_
"Sheets, or workbook structure or windows." & authors & version
Const msgnopwords2 as string = "there was no protection "&_
"Workbook structure or windows." & dblspace &_
"Proceeding to unprotect sheets." & authors & version
Const msgtaketime as string = "after pressing OK button this "&_
"Will take some time." & dblspace & "amount of time "&_
"Depends on how many different passwords, "&_
"Passwords, and your computer's specification." & dblspace &_
"Just be patient! Make me a coffee! "& Authors & version
Const msgpwordfound1 as string = "You had a worksheet "&_
"Structure or Windows password set." & dblspace &_
"The Password Found was:" & dblspace & "$" & dblspace &_
"Note it down for potential future use in other workbooks "&_
"The same person who set this password." & dblspace &_
"Now to check and clear other passwords." & authors & version
Const msgpwordfound2 as string = "You had a worksheet "&_
"Password set." & dblspace & "the Password Found was :"&_
Dblspace & "$" & dblspace & "note it down for potential "&_
"Future use in other workbooks by same person who "&_
"Set this password." & dblspace & "now to check and clear "&_
"Other passwords." & authors & version
Const msgonlyone as string = "only structure/Windows "&_
"Protected with the password that was just found ."&_
Allclear & authors & version & repback
Dim W1 as worksheet, W2 as Worksheet
Dim I as integer, J as integer, K as integer, l as integer
Dim M as integer, N as integer, i1 as integer, I2 as integer
Dim I3 as integer, I4 as integer, I5 as integer, I6 as integer
Dim pword1 as string
Dim shtag as Boolean, wintag as Boolean Application. screenupdating = false
With activeworkbook
Wintag =. protectstructure or. protectwindows
End
Shtag = false
For each W1 in worksheets
Shtag = shtag or w1.protectcontents
Next W1
If not shtag and not wintag then
Msgbox msgnopwords1, vbinformation, Header
Exit sub
End if
Msgbox msgtaketime, vbinformation, Header
If not wintag then
Msgbox msgnopwords2, vbinformation, Header
Else
On Error resume next
Do 'dummy do loop
For I = 65 to 66: For J = 65 to 66: For k = 65 to 66
For l = 65 to 66: For M = 65 to 66: For I1 = 65 to 66
For I2 = 65 to 66: For I3 = 65 to 66: For I4 = 65 to 66
For I5 = 65 to 66: for I6 = 65 to 66: for n = 32 to 126.
With activeworkbook
. Unprotect CHR (I) & CHR (j) & CHR (k )&_
CHR (l) & CHR (m) & CHR (I1) & CHR (I2 )&_
CHR (I3) & CHR (I4) & CHR (I5) & CHR (I6) & CHR (N)
If. protectstructure = false and _
. Protectwindows = false then
Pword1 = CHR (I) & CHR (j) & CHR (k) & CHR (l )&_
CHR (m) & CHR (I1) & CHR (I2) & CHR (I3 )&_
CHR (I4) & CHR (I5) & CHR (I6) & CHR (N)
Msgbox application. substitute (msgpwordfound1 ,_
"$", Pword1), vbinformation, Header
Exit do 'Bypass all for... nexts
End if
End
Next: Next
Next: Next
Loop until true
On Error goto 0
End if
If wintag and not shtag then
Msgbox msgonlyone, vbinformation, Header
Exit sub
End if
On Error resume next
For each W1 in worksheets
'Attempt clearance with pword1
W1.unprotect pword1
Next W1
On Error goto 0
Shtag = false
For each W1 in worksheets
'Checks for all clear shtag triggered to 1 if not.
Shtag = shtag or w1.protectcontents
Next W1
If shtag then
For each W1 in worksheets
With W1
If. protectcontents then
On Error resume next
Do 'dummy do loop
For I = 65 to 66: For J = 65 to 66: For k = 65 to 66
For l = 65 to 66: For M = 65 to 66: For I1 = 65 to 66
For I2 = 65 to 66: For I3 = 65 to 66: For I4 = 65 to 66
For I5 = 65 to 66: for I6 = 65 to 66: for n = 32 to 126.
. Unprotect CHR (I) & CHR (j) & CHR (k )&_
CHR (l) & CHR (m) & CHR (I1) & CHR (I2) & CHR (I3 )&_
CHR (I4) & CHR (I5) & CHR (I6) & CHR (N)
If not. protectcontents then
Pword1 = CHR (I) & CHR (j) & CHR (k) & CHR (l )&_
CHR (m) & CHR (I1) & CHR (I2) & CHR (I3 )&_
CHR (I4) & CHR (I5) & CHR (I6) & CHR (N)
Msgbox application. substitute (msgpwordfound2 ,_
"$", Pword1), vbinformation, Header
'Leverage finding pword by trying on other sheets
For each W2 in worksheets
W2.unprotect pword1
Next W2
Exit do 'Bypass all for... nexts
End if
Next: Next
Next: Next
Loop until true
On Error goto 0
End if
End
Next W1
End if
Msgbox allclear & authors & version & repback, vbinformation, Header
End sub |
4. After the post is pasted, click the run button or press F5 to run the code. 5. After the program starts running, two dialog boxes will pop up and you can directly confirm it.
6. About 2 minutes later, the "complete" dialog box is displayed. The red line is the found password (note: the last one is part of the password). Click OK, the password in the file is cleared. 7. If you only want to find the password and do not want to clear it, just do not save the file, re-open it, choose tools> Protection> undo worksheet/workbook protection, and enter the password you just found. 8. It should be noted that the password you found is not the password you entered when you set it, but it can be used. For example, I just found the password, and I used 123 as the password. I do not know whether this is an Excel vulnerability or intended one, in short, you can disable worksheet protection. In summary, we have to ask, what kind of password is safe? In fact, security needs to be used in combination. The code we just used is just to crack the worksheet/workbook password, and we can use more protection to prevent our files from being cracked, for example, permission settings (file-> permission. The so-called no password can be cracked. What we do now is to minimize the risk. At the very least, it cannot be easily decrypted by the attacker. For other information, we can only look at it!
