Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date: Wed, 29 Aug 2012 17:45:55 +0530
From: Dhiru Kholia <dhiru.kholia@...il.com>
To: john-users@...ts.openwall.com
Subject: Re: Is there any patch to crack MySQL Network auth?

On Sat, Aug 25, 2012 at 8:32 PM, Dhiru Kholia <dhiru.kholia@...il.com> wrote:
> On Wed, Aug 22, 2012 at 9:02 PM, Richard Miles
> <richard.k.miles@...glemail.com> wrote:
>> I have a few MySQL network authentication hashes (SHA1 + challenge), but I
>> can't find a option to crack it with John. There is a patch (even if
>> unofficial) to crack it?
>
> I have added support for cracking MySQL network authentication hashes
> to JtR. Use latest code from
> https://github.com/magnumripper/magnum-jumbo
>
> However, I could not find a open-source software for obtaining
> "challenge + hash" from a network capture. I had to use Cain & Abel.

I could not find an option to export captured hashes in Cain & Abel.
So I submitted a patch for Ettercap to support sniffing MySQL v5.xx
authentication traffic. This patch outputs captured authentication
data in JtR compatible format. This functionality will be available in
v0.7.5 of Ettercap.

You can test this new feature by running code from
https://github.com/Ettercap/ettercap/tree/ettercap_rc

-- 
Cheers,
Dhiru

Powered by blists - more mailing lists

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.