|
Message-ID: <20090714174926.GA15638@openwall.com> Date: Tue, 14 Jul 2009 21:49:26 +0400 From: Solar Designer <solar@...nwall.com> To: john-users@...ts.openwall.com Subject: Cracking MS SQL passwords (was: mysql05) On Tue, Jul 14, 2009 at 06:58:47PM +0200, websiteaccess wrote: > Is mysql05 = ms-sql05 ? This is a bit confusing, so I'll just describe what I know (and what you could trivially find out yourself). The current jumbo patch adds mssql05_fmt.c. In that file, you can see: * Microsoft MS-SQL05 password cracker [...] #define FORMAT_LABEL "mssql05" #define FORMAT_NAME "MS-SQL05" So this is likely supposed to support MS SQL Server 2005 password hashes, and the label name you can use with the --format option is mssql05 (but you really do not have to specify it). > I try to crack this hash 045C4F2DD8A36730830D917D9CBE6169580F551A ( > plaintext is microsha ) > > I use JTR 1.7.3.1 all-2-mpi8 (format > user:045C4F2DD8A36730830D917D9CBE6169580F551A tried also > user:045c4f2dd8a36730830d917d9cbe6169580f551a ) and I get : Well, none of this matches the sample hashes found in mssql05_tests[] in mssql05_fmt.c. This also does not match the requirements of the valid() function. An example valid entry would be: toto:0x01004086CEB6BF932BC4151A1AF1F13CD17301D70816A8886908 This gets cracked instantly: $ ./john pw-mssql Loaded 1 password hash (MS-SQL05 [ms-sql05 MMX]) toto (toto) guesses: 1 time: 0:00:00:00 100% (1) c/s: 200 trying: toto - totototo I've tried prefixing your 40-character string with 0x01004086CEB6 (taken from the test entries). Then it loads, but it is not getting cracked (tried "microsha"), so your hash is probably something different (not supported by this code) or maybe the missing prefix should be different for it. > Macintosh:run xxxxxx$ ./john -format=mssql05 -i:digits mysql.txt > No password hashes loaded FWIW, you only need to specify the --format option when there's any ambiguity (for example, when you need to tell JtR that your hashes are raw MD5 and not LM even though they look similar) or when you have multiple hash types in your files. When you're getting "No password hashes loaded", it's the opposite case, so the first thing you need to do is drop the --format option (as it may be causing this error). That's general advice for future occasions. In this specific case we know that it wouldn't make a difference. Alexander -- To unsubscribe, e-mail john-users-unsubscribe@...ts.openwall.com and reply to the automated confirmation request that will be sent to you.
Powered by blists - more mailing lists
Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.