Products Openwall GNU/*/Linux   server OS John the Ripper   password cracker Free & Open Source for any platform Pro for Linux (RPM package) Pro for Mac OS X (dmg package) Wordlists   for password cracking passwdqc   policy enforcement phpass   password hashing in PHP crypt_blowfish   ditto in C/C++ tcb   better password shadowing Pluggable Authentication Modules scanlogd   port scan detector popa3d   tiny POP3 daemon blists   web interface to mailing lists msulogin   single user mode login Services Publications Articles Presentations Community Mailing lists Community wiki Donations Resources Source code repository (CVSweb) File archive & mirrors How to verify digital signatures Password recovery resources Recommended books What's new

Date: Sun, 17 Sep 2006 11:22:57 -0400
From: Erik Winkler <ewinkler@...ls.com>
To: john-users@...ts.openwall.com
Subject: Re: MS SQL 2000  Password Recovery

The patch does not work on big endian machines.  Here is my test  
output on my powerbook.  Not a good sign.

Benchmarking: MS-SQL [ms-sql]... FAILED (get_hash[0])


I may try to debug if I have time, but this patch really focuses on  
MMX and SSE support while John as a whole looks to support many  
architectures.  Generally very buggy code in my experience.

Erik

On Sep 14, 2006, at 7:25 PM, Solar Designer wrote:

> On Thu, Sep 14, 2006 at 12:49:17PM -0600, TFowler@....org wrote:
>> Has anyone tried to recover SQL passwords from a master.mdf?
>
> There's an unofficial patch for John the Ripper to support MS SQL
> password hashes:
>
> 	http://www.banquise.net/misc/patch-john.html
>
> and it's been briefly mentioned on this mailing list:
>
> 	http://www.openwall.com/lists/john-users/2005/12/09/1
>
> Erik - any reason why this is not in the jumbo patches? ;-)  (I  
> mean the
> working non-vectorized version.)
>
> Also relevant is this paper which explains the hashing method:
>
> 	http://www.nextgenss.com/papers/cracking-sql-passwords.pdf
>
> Oh, and Google found this video on "MS SQL Preauth Attack, Pwdump and
> John the Ripper":
>
> 	http://www.ethicalhacker.net/content/view/75/24/
>
> No, this last one is not about cracking MS SQL hashes, unfortunately.
>
> -- 
> Alexander Peslyak <solar at openwall.com>
> GPG key ID: 5B341F15  fp: B3FB 63F4 D7A3 BCCC 6F6E  FC55 A2FC 027C  
> 5B34 1F15
> http://www.openwall.com - bringing security into open computing  
> environments
>
> -- 
> To unsubscribe, e-mail john-users-unsubscribe@...ts.openwall.com  
> and reply
> to the automated confirmation request that will be sent to you.

-- 
To unsubscribe, e-mail john-users-unsubscribe@...ts.openwall.com and reply
to the automated confirmation request that will be sent to you.

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux - Powered by OpenVZ