Products Openwall GNU/*/Linux   server OS Linux Kernel Runtime Guard John the Ripper   password cracker Free & Open Source for any platform in the cloud Pro for Linux Pro for macOS Wordlists   for password cracking passwdqc   policy enforcement Free & Open Source for Unix Pro for Windows (Active Directory) yescrypt   KDF & password hashing yespower   Proof-of-Work (PoW) crypt_blowfish   password hashing phpass   ditto in PHP tcb   better password shadowing Pluggable Authentication Modules scanlogd   port scan detector popa3d   tiny POP3 daemon blists   web interface to mailing lists msulogin   single user mode login php_mt_seed   mt_rand() cracker Services Publications Articles Presentations Resources Mailing lists Community wiki Source code repositories (GitHub) Source code repositories (CVSweb) File archive & mirrors How to verify digital signatures OVE IDs What's new

Date: Wed, 13 Jul 2011 18:04:57 +0200
From: Sistemas <linux@...agroup.com>
To: john-users@...ts.openwall.com
Subject: Re: Crack a MS SQL Server 2000 password

El 13/07/2011 17:42, Solar Designer escribió:
> On Wed, Jul 13, 2011 at 05:25:14PM +0200, Sistemas wrote:
>> Nevertheless this hash format should be listed in
>> http://openwall.info/wiki/john/sample-hashes?s=hash%20formats or this
>> list is for the hashes supported in the standard/official john version?
> This list is not limited to hashes supported in the main JtR, but it is
> incomplete in other ways.  Please feel free to add to it (once you
> figure things out).
>
> For all hash types supported by whatever version of JtR you're using,
> you may find some sample hashes in test[] arrays in the *_fmt.c files.
> In your case, you'd want to look at mssql_fmt.c and mssql05_fmt.c.  The
> hash encodings given in there are 94 or 54 characters long, including
> the leading "0x".
>
>>>> I'm using the full uppercase hash which is 40 hex characters long
>>>> (160bits). Is this right? Should I add the salt?
> Yes, John definitely needs the salt.
>
> I am not familiar with MS SQL hashes at all, but it might be something
> like: "0x0100" hash type identifier and flags (6 chars), then the salt
> (8 chars?), then your 40 hex char hash.  This gives 54, which matches
> some of the test vectors in mssql05_fmt.c.
>
> I hope this helps.
>
> Alexander

Correct. The correct syntax is:
user:0x0100  + salt (6chars) + hash (40chars)

I've test it against known passwords and it worked.

Thank you guys.

I'll try to make a full howto off this in the wiki (from extraction 
options to john examples).

Powered by blists - more mailing lists

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.