Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date: Fri, 15 Sep 2006 03:25:15 +0400
From: Solar Designer <solar@...nwall.com>
To: john-users@...ts.openwall.com
Subject: Re: MS SQL 2000  Password Recovery

On Thu, Sep 14, 2006 at 12:49:17PM -0600, TFowler@....org wrote:
> Has anyone tried to recover SQL passwords from a master.mdf?

There's an unofficial patch for John the Ripper to support MS SQL
password hashes:

	http://www.banquise.net/misc/patch-john.html

and it's been briefly mentioned on this mailing list:

	http://www.openwall.com/lists/john-users/2005/12/09/1

Erik - any reason why this is not in the jumbo patches? ;-)  (I mean the
working non-vectorized version.)

Also relevant is this paper which explains the hashing method:

	http://www.nextgenss.com/papers/cracking-sql-passwords.pdf

Oh, and Google found this video on "MS SQL Preauth Attack, Pwdump and
John the Ripper":

	http://www.ethicalhacker.net/content/view/75/24/

No, this last one is not about cracking MS SQL hashes, unfortunately.

-- 
Alexander Peslyak <solar at openwall.com>
GPG key ID: 5B341F15  fp: B3FB 63F4 D7A3 BCCC 6F6E  FC55 A2FC 027C 5B34 1F15
http://www.openwall.com - bringing security into open computing environments

-- 
To unsubscribe, e-mail john-users-unsubscribe@...ts.openwall.com and reply
to the automated confirmation request that will be sent to you.

Powered by blists - more mailing lists

Your e-mail address:

Powered by Openwall GNU/*/Linux - Powered by OpenVZ