Penetration Testing mailing list archives
Is this value the SQL password hash ?
From: nobody <pentester () yahoo com>
Date: Wed, 8 Sep 2004 19:34:53 -0700 (PDT)
While doing a pen test I came across a Windows share that allowed anyone to read it. This share had an SQL SMS install input file of the form xxxx.iss

In this file the following exists:

[DlgServices-0]
Local-Domain=61680
AutoStart=15
SQLDomain=XXXXX
SQLDomainAcct=XXXSQL
SQLDomainPwd=142e7e5da8cb39066a6f1759ec9aab

The length of this entry versus the SQL sysxlogin data that David Litchfield talks about (in his whitepaper on SQL passwords) is quite different. Also the CQURE tool (SQLBF) seems to expect a different length hash.

from ccqure.net - sqlbf tools - demo hashes
foobar,0x0100905BB15ECA1847296A79ADD350E3138D6D255BF9FA24964FCA1847296A79ADD350E3138D6D255BF9FA24964F

Does anyone know what type of hash the data following the SQLDomainPwd is ? It cannot be an NTLM hash or a LANMAN hash. Just to be sure I plugged it into LC4 and it did not recognize the hash. I will also try John-16 using all modes but I am guessing at this point.

Oh - I cannot get admin status (yet) on the SQL server that I think this file was installed on. If I did so I could dump the SAM and the SQL hashes and see what matches.

Anyone seen this before ?

Thanks
pentester
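Added example, not part of the original post: a length check of the SQLDomainPwd value against the fixed sizes of the formats the message mentions (16-byte LM/NTLM digests, and the SQL Server 2000 layout of a 0x0100 header, 4-byte salt and two SHA-1 digests that the quoted demo hash follows). The function names are hypothetical, and the .iss text is a constructed sample built from the values quoted in the message.

```python
import configparser

# Constructed sample reproducing the section quoted in the message.
SAMPLE_ISS = """\
[DlgServices-0]
Local-Domain=61680
AutoStart=15
SQLDomain=XXXXX
SQLDomainAcct=XXXSQL
SQLDomainPwd=142e7e5da8cb39066a6f1759ec9aab
"""

# SQLBF demo hash for "foobar" as quoted in the message.
DEMO_SQL_HASH = ("0x0100905BB15ECA1847296A79ADD350E3138D6D255BF9FA24964F"
                 "CA1847296A79ADD350E3138D6D255BF9FA24964F")


def classify(value):
    """Return (byte_length, [matching format names]) for a hex string."""
    hexpart = value[2:] if value.lower().startswith("0x") else value
    try:
        raw = bytes.fromhex(hexpart)
    except ValueError:
        return (None, ["not valid hex"])
    matches = []
    if len(raw) == 16:
        matches.append("LM or NTLM digest (16 bytes)")
    # 2-byte header + 4-byte salt + two 20-byte SHA-1 digests = 46 bytes
    if len(raw) == 46 and raw[:2] == b"\x01\x00":
        matches.append("SQL Server 2000 sysxlogins hash")
    return (len(raw), matches or ["unrecognised length"])


def iss_password_fields(text):
    """Classify every *Pwd value found in an InstallShield .iss response file."""
    cp = configparser.ConfigParser(interpolation=None)
    cp.optionxform = str  # keep key case as written in the file
    cp.read_string(text)
    found = {}
    for section in cp.sections():
        for key, val in cp.items(section):
            if key.lower().endswith("pwd"):
                found[f"{section}/{key}"] = classify(val)
    return found


if __name__ == "__main__":
    print(iss_password_fields(SAMPLE_ISS))
    print(classify(DEMO_SQL_HASH))
```

The quoted value decodes to 15 bytes, one short of an LM or NTLM digest and far shorter than the 46-byte demo hash, which is consistent with LC4 not recognising it.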