Date: Fri, 15 Sep 2006 03:25:15 +0400 From: Solar Designer <solar@...nwall.com> To: john-users@...ts.openwall.com Subject: Re: MS SQL 2000 Password Recovery On Thu, Sep 14, 2006 at 12:49:17PM -0600, TFowler@....org wrote: > Has anyone tried to recover SQL passwords from a master.mdf? There's an unofficial patch for John the Ripper to support MS SQL password hashes: http://www.banquise.net/misc/patch-john.html and it's been briefly mentioned on this mailing list: http://www.openwall.com/lists/john-users/2005/12/09/1 Erik - any reason why this is not in the jumbo patches? ;-) (I mean the working non-vectorized version.) Also relevant is this paper which explains the hashing method: http://www.nextgenss.com/papers/cracking-sql-passwords.pdf Oh, and Google found this video on "MS SQL Preauth Attack, Pwdump and John the Ripper": http://www.ethicalhacker.net/content/view/75/24/ No, this last one is not about cracking MS SQL hashes, unfortunately. -- Alexander Peslyak <solar at openwall.com> GPG key ID: 5B341F15 fp: B3FB 63F4 D7A3 BCCC 6F6E FC55 A2FC 027C 5B34 1F15 http://www.openwall.com - bringing security into open computing environments -- To unsubscribe, e-mail john-users-unsubscribe@...ts.openwall.com and reply to the automated confirmation request that will be sent to you.
Powered by blists - more mailing lists
Powered by Openwall GNU/*/Linux - Powered by OpenVZ