Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
Date: Sun, 17 Sep 2006 11:22:57 -0400
From: Erik Winkler <ewinkler@...ls.com>
To: john-users@...ts.openwall.com
Subject: Re: MS SQL 2000  Password Recovery

The patch does not work on big endian machines.  Here is my test  
output on my powerbook.  Not a good sign.

Benchmarking: MS-SQL [ms-sql]... FAILED (get_hash[0])


I may try to debug if I have time, but this patch really focuses on  
MMX and SSE support while John as a whole looks to support many  
architectures.  Generally very buggy code in my experience.

Erik

On Sep 14, 2006, at 7:25 PM, Solar Designer wrote:

> On Thu, Sep 14, 2006 at 12:49:17PM -0600, TFowler@....org wrote:
>> Has anyone tried to recover SQL passwords from a master.mdf?
>
> There's an unofficial patch for John the Ripper to support MS SQL
> password hashes:
>
> 	http://www.banquise.net/misc/patch-john.html
>
> and it's been briefly mentioned on this mailing list:
>
> 	http://www.openwall.com/lists/john-users/2005/12/09/1
>
> Erik - any reason why this is not in the jumbo patches? ;-)  (I  
> mean the
> working non-vectorized version.)
>
> Also relevant is this paper which explains the hashing method:
>
> 	http://www.nextgenss.com/papers/cracking-sql-passwords.pdf
>
> Oh, and Google found this video on "MS SQL Preauth Attack, Pwdump and
> John the Ripper":
>
> 	http://www.ethicalhacker.net/content/view/75/24/
>
> No, this last one is not about cracking MS SQL hashes, unfortunately.
>
> -- 
> Alexander Peslyak <solar at openwall.com>
> GPG key ID: 5B341F15  fp: B3FB 63F4 D7A3 BCCC 6F6E  FC55 A2FC 027C  
> 5B34 1F15
> http://www.openwall.com - bringing security into open computing  
> environments
>
> -- 
> To unsubscribe, e-mail john-users-unsubscribe@...ts.openwall.com  
> and reply
> to the automated confirmation request that will be sent to you.

-- 
To unsubscribe, e-mail john-users-unsubscribe@...ts.openwall.com and reply
to the automated confirmation request that will be sent to you.

Powered by blists - more mailing lists

Your e-mail address:

Powered by Openwall GNU/*/Linux - Powered by OpenVZ