Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <20090714174926.GA15638@openwall.com>
Date: Tue, 14 Jul 2009 21:49:26 +0400
From: Solar Designer <solar@...nwall.com>
To: john-users@...ts.openwall.com
Subject: Cracking MS SQL passwords (was: mysql05)

On Tue, Jul 14, 2009 at 06:58:47PM +0200, websiteaccess wrote:
>  Is mysql05 = ms-sql05 ?

This is a bit confusing, so I'll just describe what I know (and what you
could trivially find out yourself).

The current jumbo patch adds mssql05_fmt.c.  In that file, you can see:

 * Microsoft MS-SQL05 password cracker
[...]
#define FORMAT_LABEL			"mssql05"
#define FORMAT_NAME			"MS-SQL05"

So this is likely supposed to support MS SQL Server 2005 password
hashes, and the label name you can use with the --format option is
mssql05 (but you really do not have to specify it).

>  I try to crack this hash 045C4F2DD8A36730830D917D9CBE6169580F551A  ( 
> plaintext is microsha )
> 
>  I use JTR 1.7.3.1 all-2-mpi8 (format 
> user:045C4F2DD8A36730830D917D9CBE6169580F551A  tried also  
> user:045c4f2dd8a36730830d917d9cbe6169580f551a ) and I get :

Well, none of this matches the sample hashes found in mssql05_tests[] in
mssql05_fmt.c.  This also does not match the requirements of the valid()
function.  An example valid entry would be:

toto:0x01004086CEB6BF932BC4151A1AF1F13CD17301D70816A8886908

This gets cracked instantly:

$ ./john pw-mssql 
Loaded 1 password hash (MS-SQL05 [ms-sql05 MMX])
toto             (toto)
guesses: 1  time: 0:00:00:00 100% (1)  c/s: 200  trying: toto - totototo

I've tried prefixing your 40-character string with 0x01004086CEB6 (taken
from the test entries).  Then it loads, but it is not getting cracked
(tried "microsha"), so your hash is probably something different (not
supported by this code) or maybe the missing prefix should be different
for it.

>  Macintosh:run xxxxxx$ ./john -format=mssql05 -i:digits mysql.txt
> No password hashes loaded

FWIW, you only need to specify the --format option when there's any
ambiguity (for example, when you need to tell JtR that your hashes are
raw MD5 and not LM even though they look similar) or when you have
multiple hash types in your files.  When you're getting "No password
hashes loaded", it's the opposite case, so the first thing you need to
do is drop the --format option (as it may be causing this error).
That's general advice for future occasions.  In this specific case we
know that it wouldn't make a difference.

Alexander

-- 
To unsubscribe, e-mail john-users-unsubscribe@...ts.openwall.com and reply
to the automated confirmation request that will be sent to you.

Powered by blists - more mailing lists

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.