Products Openwall GNU/*/Linux   server OS Linux Kernel Runtime Guard John the Ripper   password cracker Free & Open Source for any platform in the cloud Pro for Linux Pro for macOS Wordlists   for password cracking passwdqc   policy enforcement Free & Open Source for Unix Pro for Windows (Active Directory) yescrypt   KDF & password hashing yespower   Proof-of-Work (PoW) crypt_blowfish   password hashing phpass   ditto in PHP tcb   better password shadowing Pluggable Authentication Modules scanlogd   port scan detector popa3d   tiny POP3 daemon blists   web interface to mailing lists msulogin   single user mode login php_mt_seed   mt_rand() cracker Services Publications Articles Presentations Resources Mailing lists Community wiki Source code repositories (GitHub) Source code repositories (CVSweb) File archive & mirrors How to verify digital signatures OVE IDs What's new

Date: Sun, 17 Sep 2006 11:22:57 -0400
From: Erik Winkler <ewinkler@...ls.com>
To: john-users@...ts.openwall.com
Subject: Re: MS SQL 2000  Password Recovery

The patch does not work on big endian machines.  Here is my test  
output on my powerbook.  Not a good sign.

Benchmarking: MS-SQL [ms-sql]... FAILED (get_hash[0])


I may try to debug if I have time, but this patch really focuses on  
MMX and SSE support while John as a whole looks to support many  
architectures.  Generally very buggy code in my experience.

Erik

On Sep 14, 2006, at 7:25 PM, Solar Designer wrote:

> On Thu, Sep 14, 2006 at 12:49:17PM -0600, TFowler@....org wrote:
>> Has anyone tried to recover SQL passwords from a master.mdf?
>
> There's an unofficial patch for John the Ripper to support MS SQL
> password hashes:
>
> 	http://www.banquise.net/misc/patch-john.html
>
> and it's been briefly mentioned on this mailing list:
>
> 	http://www.openwall.com/lists/john-users/2005/12/09/1
>
> Erik - any reason why this is not in the jumbo patches? ;-)  (I  
> mean the
> working non-vectorized version.)
>
> Also relevant is this paper which explains the hashing method:
>
> 	http://www.nextgenss.com/papers/cracking-sql-passwords.pdf
>
> Oh, and Google found this video on "MS SQL Preauth Attack, Pwdump and
> John the Ripper":
>
> 	http://www.ethicalhacker.net/content/view/75/24/
>
> No, this last one is not about cracking MS SQL hashes, unfortunately.
>
> -- 
> Alexander Peslyak <solar at openwall.com>
> GPG key ID: 5B341F15  fp: B3FB 63F4 D7A3 BCCC 6F6E  FC55 A2FC 027C  
> 5B34 1F15
> http://www.openwall.com - bringing security into open computing  
> environments
>
> -- 
> To unsubscribe, e-mail john-users-unsubscribe@...ts.openwall.com  
> and reply
> to the automated confirmation request that will be sent to you.

-- 
To unsubscribe, e-mail john-users-unsubscribe@...ts.openwall.com and reply
to the automated confirmation request that will be sent to you.

Powered by blists - more mailing lists

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.