Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date: Wed, 13 Jul 2011 19:42:14 +0400
From: Solar Designer <solar@...nwall.com>
To: john-users@...ts.openwall.com
Subject: Re: Crack a MS SQL Server 2000 password

On Wed, Jul 13, 2011 at 05:25:14PM +0200, Sistemas wrote:
> Nevertheless this hash format should be listed in 
> http://openwall.info/wiki/john/sample-hashes?s=hash%20formats or this 
> list is for the hashes supported in the standard/official john version?

This list is not limited to hashes supported in the main JtR, but it is
incomplete in other ways.  Please feel free to add to it (once you
figure things out).

For all hash types supported by whatever version of JtR you're using,
you may find some sample hashes in test[] arrays in the *_fmt.c files.
In your case, you'd want to look at mssql_fmt.c and mssql05_fmt.c.  The
hash encodings given in there are 94 or 54 characters long, including
the leading "0x".

> >>I'm using the full uppercase hash which is 40 hex characters long 
> >>(160bits). Is this right? Should I add the salt?

Yes, John definitely needs the salt.

I am not familiar with MS SQL hashes at all, but it might be something
like: "0x0100" hash type identifier and flags (6 chars), then the salt
(8 chars?), then your 40 hex char hash.  This gives 54, which matches
some of the test vectors in mssql05_fmt.c.

I hope this helps.

Alexander

Powered by blists - more mailing lists

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.