Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <CAFMma9MgFa_QY77f+7EB+7harXGKeae-nXYnp=UsSpLNBGsc7w@mail.gmail.com>
Date: Wed, 22 Aug 2012 12:01:30 -0500
From: Richard Miles <richard.k.miles@...glemail.com>
To: john-users@...ts.openwall.com
Subject: Re: Is there any patch to crack MySQL Network auth?

Hi Rich,

Well, I have the parsed hash and challenge from a mysql .pcap session, if
anyone is interested on it I can share.

Thanks.

On Wed, Aug 22, 2012 at 11:51 AM, Rich Rumble <richrumble@...il.com> wrote:

> On Wed, Aug 22, 2012 at 12:14 PM, agap1@...abit.com <agap1@...abit.com>
> wrote:
> > Hi,
> >> I have a few MySQL network authentication hashes (SHA1 + challenge),
> but I
> >> can't find a option to crack it with John. There is a patch (even if
> >> unofficial) to crack it?
> >
> > AFAIK there is support on the jumbo patch.
> >
> > Take a look at:http://www.openwall.com/john/#contrib
> While JtR supports cracking MySQL hashes in an "offline" form, I don't
> believe there is support for a pcap or captured traffic support like
> jumbo has for VNC challenge/responses. With examples (captured
> traffic) of known passwords it's entirely possible for someone to
> create one, but as far as I know no one has done so yet.
> -rich
>

Powered by blists - more mailing lists

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.