From: Martin Rublik (martin.rublik gmail.com)
Date: Wed Oct 28 2009 - 05:09:21 CDT
pma111 wrote:
> Hi All,
>
> Are there any penetration testing / commercial cracking tools on the market,
> or freebies, where we could export the password hashes directly from our SQL
> tables (sys.syslogins) and crack the passwords offline, so not to affect our
> live servers? Any pointers would be great.
>
> Thanks
Cain & Abel is able to crack SQL passwords offline. It even dumps them from an MS
SQL 2005 database using ODBC. For MS SQL 2008 you need to dump them manually, e.g.

    SELECT
        name AS UserName,
        CAST([password] AS VARBINARY(MAX)) AS EncryptedPass,
        CAST(SUBSTRING([password],2,2) AS VARBINARY(MAX)) AS Salt,
        CAST(SUBSTRING([password],4,LEN([password])-3) AS VARBINARY(MAX)) AS MixCaseHash
    FROM master.dbo.syslogins
    WHERE [password] IS NOT NULL

and then use Cain. It looks like SQL Server 2008 doesn't store the uppercase hash
anymore, so mixcase has to be enough for offline attacks.
Regards
Martin
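
For an audit of exported rows, the sketch below splits each EncryptedPass value into the fields the query above selects and reports which logins still carry the older uppercase hash. It is an added example, not part of the original post or of Cain; the function names, the sample rows, and the assumed layout (2-byte 0x0100 header, 4-byte salt, 20-byte mixed-case hash, optional trailing 20-byte uppercase hash) are assumptions.

```python
from dataclasses import dataclass
from typing import Optional

# Assumed layout of the exported value (not stated in the post):
HEADER = bytes.fromhex("0100")  # version header
SALT_LEN = 4                    # salt, the query's Salt column
HASH_LEN = 20                   # one hash; older servers append a second, uppercase one


@dataclass
class LoginHash:
    salt: bytes
    mixed_case_hash: bytes
    upper_case_hash: Optional[bytes]  # None when only the mixed-case hash is stored


def parse_login_hash(exported: str) -> LoginHash:
    """Split one EncryptedPass value (hex, optional 0x prefix) into its fields."""
    text = exported.strip()
    if text[:2].lower() == "0x":
        text = text[2:]
    raw = bytes.fromhex(text)  # raises ValueError on non-hex input
    if raw[:2] != HEADER:
        raise ValueError("unexpected header, not a 0x0100 login hash")
    salt, body = raw[2:2 + SALT_LEN], raw[2 + SALT_LEN:]
    if len(body) == HASH_LEN:
        return LoginHash(salt, body, None)
    if len(body) == 2 * HASH_LEN:
        return LoginHash(salt, body[:HASH_LEN], body[HASH_LEN:])
    raise ValueError("unexpected length %d after the salt" % len(body))


def find_legacy_logins(rows):
    """Return (logins with an uppercase hash, logins whose value did not parse)."""
    legacy, malformed = [], []
    for name, value in rows.items():
        try:
            if parse_login_hash(value).upper_case_hash is not None:
                legacy.append(name)
        except ValueError:
            malformed.append(name)
    return legacy, malformed


# Constructed sample rows (UserName -> EncryptedPass); not real hashes.
SAMPLE_ROWS = {
    "app_2008": "0x0100A1B2C3D4" + "11" * 20,
    "legacy_app": "0x0100A1B2C3D4" + "11" * 20 + "22" * 20,
    "broken_row": "0x0100A1B2",
}

if __name__ == "__main__":
    print(find_legacy_logins(SAMPLE_ROWS))
```

A login reported in the first list still has a case-insensitive hash stored beside the mixed-case one, so resetting its password on a current server is the usual follow-up.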