Date: Sun, 17 Sep 2006 11:22:57 -0400 From: Erik Winkler <ewinkler@...ls.com> To: john-users@...ts.openwall.com Subject: Re: MS SQL 2000 Password Recovery The patch does not work on big endian machines. Here is my test output on my powerbook. Not a good sign. Benchmarking: MS-SQL [ms-sql]... FAILED (get_hash) I may try to debug if I have time, but this patch really focuses on MMX and SSE support while John as a whole looks to support many architectures. Generally very buggy code in my experience. Erik On Sep 14, 2006, at 7:25 PM, Solar Designer wrote: > On Thu, Sep 14, 2006 at 12:49:17PM -0600, TFowler@....org wrote: >> Has anyone tried to recover SQL passwords from a master.mdf? > > There's an unofficial patch for John the Ripper to support MS SQL > password hashes: > > http://www.banquise.net/misc/patch-john.html > > and it's been briefly mentioned on this mailing list: > > http://www.openwall.com/lists/john-users/2005/12/09/1 > > Erik - any reason why this is not in the jumbo patches? ;-) (I > mean the > working non-vectorized version.) > > Also relevant is this paper which explains the hashing method: > > http://www.nextgenss.com/papers/cracking-sql-passwords.pdf > > Oh, and Google found this video on "MS SQL Preauth Attack, Pwdump and > John the Ripper": > > http://www.ethicalhacker.net/content/view/75/24/ > > No, this last one is not about cracking MS SQL hashes, unfortunately. > > -- > Alexander Peslyak <solar at openwall.com> > GPG key ID: 5B341F15 fp: B3FB 63F4 D7A3 BCCC 6F6E FC55 A2FC 027C > 5B34 1F15 > http://www.openwall.com - bringing security into open computing > environments > > -- > To unsubscribe, e-mail john-users-unsubscribe@...ts.openwall.com > and reply > to the automated confirmation request that will be sent to you. -- To unsubscribe, e-mail john-users-unsubscribe@...ts.openwall.com and reply to the automated confirmation request that will be sent to you.
Powered by blists - more mailing lists
Powered by Openwall GNU/*/Linux - Powered by OpenVZ