Date: Wed, 13 Jul 2011 18:04:57 +0200
From: Sistemas <>
Subject: Re: Crack a MS SQL Server 2000 password

On 13/07/2011 17:42, Solar Designer wrote:
> On Wed, Jul 13, 2011 at 05:25:14PM +0200, Sistemas wrote:
>> Nevertheless this hash format should be listed in
>> or this
>> list is for the hashes supported in the standard/official john version?
> This list is not limited to hashes supported in the main JtR, but it is
> incomplete in other ways.  Please feel free to add to it (once you
> figure things out).
> For all hash types supported by whatever version of JtR you're using,
> you may find some sample hashes in test[] arrays in the *_fmt.c files.
> In your case, you'd want to look at mssql_fmt.c and mssql05_fmt.c.  The
> hash encodings given in there are 94 or 54 characters long, including
> the leading "0x".
>>>> I'm using the full uppercase hash which is 40 hex characters long
>>>> (160bits). Is this right? Should I add the salt?
> Yes, John definitely needs the salt.
> I am not familiar with MS SQL hashes at all, but it might be something
> like: "0x0100" hash type identifier and flags (6 chars), then the salt
> (8 chars?), then your 40 hex char hash.  This gives 54, which matches
> some of the test vectors in mssql05_fmt.c.
> I hope this helps.
> Alexander

Correct. The correct syntax is:
user:0x0100  + salt (6chars) + hash (40chars)

I've tested it against known passwords and it worked.

Thank you guys.

I'll try to make a full howto of this in the wiki (from extraction 
options to john examples).
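
An added example, not part of the original message or of John the Ripper's code: a password-audit helper that splits a 54- or 94-character encoding into the fields discussed in the thread, builds the `user:0x0100 + salt + hash` line, and confirms a known password. It assumes an 8-hex-character salt (so that 6 + 8 + 40 = 54, as in the quoted reply), that the upper-case digest is the last 40 characters of the 94-character form, and that each digest is SHA-1 over the UTF-16LE password followed by the salt; all function names and the sample are constructed.

```python
import hashlib
import re

HEADER = "0x0100"   # hash type identifier and flags (6 chars)
SALT_HEX = 8        # assumption: 8 hex chars, so that 6 + 8 + 40 = 54
DIGEST_HEX = 40     # one 160-bit digest

def split_hash(encoded):
    """Return (salt, [digests]) for a 54- or 94-character encoding."""
    if not re.fullmatch(r"0x0100[0-9A-Fa-f]+", encoded):
        raise ValueError("expected 0x0100 followed by hex digits")
    body = encoded[len(HEADER):].upper()
    salt, rest = body[:SALT_HEX], body[SALT_HEX:]
    if len(rest) not in (DIGEST_HEX, 2 * DIGEST_HEX):
        raise ValueError("unexpected length: %d" % len(encoded))
    return salt, [rest[i:i + DIGEST_HEX] for i in range(0, len(rest), DIGEST_HEX)]

def john_line(user, encoded):
    """Build user:0x0100 + salt + hash (54 chars after the colon)."""
    salt, digests = split_hash(encoded)
    # Assumption: in the 94-char form the upper-case digest comes last.
    return "%s:%s%s%s" % (user, HEADER, salt, digests[-1])

def digest_for(password, salt):
    """Assumption: SHA-1 over the UTF-16LE password followed by the salt."""
    data = password.encode("utf-16-le") + bytes.fromhex(salt)
    return hashlib.sha1(data).hexdigest().upper()

def check_known(password, encoded):
    """Confirm a known password against every digest in the encoding."""
    salt, digests = split_hash(encoded)
    expected = [digest_for(password, salt)]
    if len(digests) == 2:
        # Second digest of the 94-char form covers the upper-cased password.
        expected.append(digest_for(password.upper(), salt))
    return digests == expected

# Constructed sample, not a real account
SAMPLE_SALT = "1A2B3C4D"
SAMPLE_94 = (HEADER + SAMPLE_SALT + digest_for("Example1", SAMPLE_SALT)
             + digest_for("EXAMPLE1", SAMPLE_SALT))

if __name__ == "__main__":
    print(john_line("sa", SAMPLE_94))
    print(check_known("Example1", SAMPLE_94))
```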
