Products Openwall GNU/*/Linux   server OS John the Ripper   password cracker Free & Open Source for any platform Pro for Linux (RPM package) Pro for Mac OS X (dmg package) Wordlists   for password cracking passwdqc   policy enforcement phpass   password hashing in PHP crypt_blowfish   ditto in C/C++ tcb   better password shadowing Pluggable Authentication Modules scanlogd   port scan detector popa3d   tiny POP3 daemon blists   web interface to mailing lists msulogin   single user mode login Services Publications Articles Presentations Community Mailing lists Community wiki Donations Resources Source code repository (CVSweb) File archive & mirrors How to verify digital signatures Password recovery resources Recommended books What's new

Date: Sun, 14 Aug 2011 22:45:04 -0400
From: Erik Winkler <ewinkler@...ls.com>
To: john-users@...ts.openwall.com
Subject: Re: MSSQL Hash Format in JTR

I refer you to the following URL for a good description of SQL 2005 and 2000 hashes.

http://hkashfi.blogspot.com/2007/08/breaking-sql-server-2005-hashes.html


> Now the question is, when I check the candidate passwords that are being tried by JTR against these hashes, they are all in Uppercase. Why is that so?
> 
> Are the MSSQL 2000 hashes supposed to be case insensitive?
> 
> Another question, which relates to the same topic is.
> 
> When I try to crack multiple MSSQL hashes with JTR version 1.7.7 jumbo 1,
> 
> I notice that, it tries some weird combination of characters and not the actual wordlist passwords.
> 
> Also, it tries to bruteforce only the first hash in the hash list. Remaining hashes are ignored.
> 
> Is this is a known bug since I couldn't find it listed anywhere in the mailing list, so I have opened this new topic.
> 
> Regards,
> NeonFlash
> 
> 

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux - Powered by OpenVZ