Products Openwall GNU/*/Linux   server OS Linux Kernel Runtime Guard John the Ripper   password cracker Free & Open Source for any platform in the cloud Pro for Linux Pro for macOS Wordlists   for password cracking passwdqc   policy enforcement Free & Open Source for Unix Pro for Windows (Active Directory) yescrypt   KDF & password hashing yespower   Proof-of-Work (PoW) crypt_blowfish   password hashing phpass   ditto in PHP tcb   better password shadowing Pluggable Authentication Modules scanlogd   port scan detector popa3d   tiny POP3 daemon blists   web interface to mailing lists msulogin   single user mode login php_mt_seed   mt_rand() cracker Services Publications Articles Presentations Resources Mailing lists Community wiki Source code repositories (GitHub) Source code repositories (CVSweb) File archive & mirrors How to verify digital signatures OVE IDs What's new

Message-ID: <20110713154213.GA24301@openwall.com>
Date: Wed, 13 Jul 2011 19:42:14 +0400
From: Solar Designer <solar@...nwall.com>
To: john-users@...ts.openwall.com
Subject: Re: Crack a MS SQL Server 2000 password

On Wed, Jul 13, 2011 at 05:25:14PM +0200, Sistemas wrote:
> Nevertheless this hash format should be listed in 
> http://openwall.info/wiki/john/sample-hashes?s=hash%20formats or this 
> list is for the hashes supported in the standard/official john version?

This list is not limited to hashes supported in the main JtR, but it is
incomplete in other ways.  Please feel free to add to it (once you
figure things out).

For all hash types supported by whatever version of JtR you're using,
you may find some sample hashes in test[] arrays in the *_fmt.c files.
In your case, you'd want to look at mssql_fmt.c and mssql05_fmt.c.  The
hash encodings given in there are 94 or 54 characters long, including
the leading "0x".

> >>I'm using the full uppercase hash which is 40 hex characters long 
> >>(160bits). Is this right? Should I add the salt?

Yes, John definitely needs the salt.

I am not familiar with MS SQL hashes at all, but it might be something
like: "0x0100" hash type identifier and flags (6 chars), then the salt
(8 chars?), then your 40 hex char hash.  This gives 54, which matches
some of the test vectors in mssql05_fmt.c.

I hope this helps.

Alexander

Powered by blists - more mailing lists

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.