Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date: Fri, 15 Sep 2006 03:25:15 +0400
From: Solar Designer <>
Subject: Re: MS SQL 2000  Password Recovery

On Thu, Sep 14, 2006 at 12:49:17PM -0600, wrote:
> Has anyone tried to recover SQL passwords from a master.mdf?

There's an unofficial patch for John the Ripper to support MS SQL
password hashes:

and it's been briefly mentioned on this mailing list:

Erik - any reason why this is not in the jumbo patches? ;-)  (I mean the
working non-vectorized version.)

Also relevant is this paper which explains the hashing method:

Oh, and Google found this video on "MS SQL Preauth Attack, Pwdump and
John the Ripper":

No, this last one is not about cracking MS SQL hashes, unfortunately.

Alexander Peslyak <solar at>
GPG key ID: 5B341F15  fp: B3FB 63F4 D7A3 BCCC 6F6E  FC55 A2FC 027C 5B34 1F15 - bringing security into open computing environments

To unsubscribe, e-mail and reply
to the automated confirmation request that will be sent to you.

Powered by blists - more mailing lists

Your e-mail address:

Powered by Openwall GNU/*/Linux - Powered by OpenVZ