Database Password Hashes Cracking-vulnerability warning-the black bar safety net

ID MYHACK58:62201026219
Type myhack58
Reporter 佚名
Modified 2010-02-23T00:00:00


SQL Server 2 0 0 0:- SELECT password from master. dbo. sysxlogins where name='sa' 0×010034767D5C0CFA5FDCA28C4A56085E65E882E71CB0ED250341 2FD54D6119FFF04129A1D72E7C3194F7284A7F3A

0×0 1 0 0 - constant header 34767D5C - salt 0CFA5FDCA28C4A56085E65E882E71CB0ED250341 - case senstive hash 2FD54D6119FFF04129A1D72E7C3194F7284A7F3A - upper case hash crack the upper case hash in 'cain and abel' and then work the case sentive hash

SQL server 2 0 0 5:- SELECT password_hash FROM sys. sql_logins where name='sa' 0×0100993BF2315F36CC441485B35C4D84687DC02C78B0E680411F 0×0 1 0 0 - constant header 993BF231-salt 5F36CC441485B35C4D84687DC02C78B0E680411F - case sensitive hash crack case sensitive hash in cain, try brute force and dictionary based attacks.

update:- following bernardo's comments:- use function fn_varbintohexstr() to cast password in a hex string. e.g. select name from sysxlogins union all select master. dbo. fn_varbintohexstr(password)from sysxlogins


In MySQL you can generate hashes internally using the password(), md5(), or sha1 functions. password() is the function used for MySQL's own user authentication system. It returns a 1 6-byte string for MySQL versions prior to 4.1, and a 4 1-byte string (based on a double SHA-1 hash) for versions 4.1 and up. md5() is available from MySQL version 3.23.2 and sha1() was added later in 4.0.2.

*mysql < 4.1

mysql> SELECT PASSWORD('mypass'); + -------+ | PASSWORD('mypass') | + -------+ | 6f8c114b58f2ce9e | +-------+

*mysql >=4.1

mysql> SELECT PASSWORD('mypass'); +---------------+ | PASSWORD('mypass') | +---------------+ | *6C8989366EAF75BB670AD8EA7A7FC1176A95CEF4 | +---------------+

Select user, password from mysql. user