PaulDotCom mailing list archives
Re: extracting password hashes from MSSQL 2005/8
From: David Porcello <DPorcello () vermontmutual com>
Date: Thu, 14 Oct 2010 10:07:33 -0400
Robin, do they look like this? 0x01005C7E511B9FEE5B34C2C53FA51926895D1EDA9FC3AD6E76DFF1D0F4509ECABA9C52D13BB04678C81CF7663D34 If so, I've cracked these with Cain (Cracker -> MSSQL) by parsing as follows: Header(6_chars) Salt(8_chars) Case_Sensitive_SHA1_hash Uppercase_SHA1_hash 0x0100 5C7E511B 9FEE5B34C2C53FA51926895D1EDA9FC3AD6E76DF F1D0F4509ECABA9C52D13BB04678C81CF7663D34 These are also crackable by SQLBF: sqlbf -d <passlist.txt> -u <file containing usernames,binary values - 1 per line, comma separated> Hope this helps! d. -----Original Message----- From: pauldotcom-bounces () mail pauldotcom com [mailto:pauldotcom-bounces () mail pauldotcom com] On Behalf Of Robin Wood Sent: Thursday, October 14, 2010 9:39 AM To: PaulDotCom Mailing List Subject: [Pauldotcom] extracting password hashes from MSSQL 2005/8 Hi I don't have much time to google at the moment and a friend asked me about cracking MSSQL 2005/8 password hashes. I know that JTR can do them and the they are stored in master.dbo.syslogins but when I had a quick go at extracting them with a select they were stored as binary. Is there an easy way to pull them out into the form that JTR needs? I'll get round to looking at it at some point if no one knows but for now googling hasn't returned anything and no time to try to solve it myself. Robin _______________________________________________ Pauldotcom mailing list Pauldotcom () mail pauldotcom com http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom Main Web Site: http://pauldotcom.com NOTICE: The information contained in this e-mail and any attachments is intended solely for the recipient(s) named above, and may be confidential and legally privileged. If you received this e-mail in error, please notify the sender immediately by return e-mail and delete the original message and any copy of it from your computer system. If you are not the intended recipient, you are hereby notified that any review, disclosure, retransmission, dissemination, distribution, copying, or other use of this e-mail, or any of its contents, is strictly prohibited. Although this e-mail and any attachments are believed to be free of any virus or other defects, it is the responsibility of the recipient to ensure that it is virus-free and no responsibility is accepted by the sender for any loss or damage arising if such a virus or defect exists. _______________________________________________ Pauldotcom mailing list Pauldotcom () mail pauldotcom com http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom Main Web Site: http://pauldotcom.com
Current thread:
- extracting password hashes from MSSQL 2005/8 Robin Wood (Oct 14)
- Re: extracting password hashes from MSSQL 2005/8 David Porcello (Oct 14)
- Re: extracting password hashes from MSSQL 2005/8 Robin Wood (Oct 14)
- Re: extracting password hashes from MSSQL 2005/8 David Porcello (Oct 14)
- Re: extracting password hashes from MSSQL 2005/8 Robin Wood (Oct 14)
- Re: extracting password hashes from MSSQL 2005/8 Josh Little (Oct 15)
- Re: extracting password hashes from MSSQL 2005/8 Robin Wood (Oct 14)
- Re: extracting password hashes from MSSQL 2005/8 David Porcello (Oct 14)