Security Basics mailing list archives
SQL Hash Brute Force Attack
From: Random Task <rand0m_t4sk () yahoo com>
Date: Tue, 23 Dec 2003 07:53:34 -0800 (PST)
G'day, I'm doing a pentest and acquired the MS SQL Server hashes on four servers, a mix of SQL Server 7 and 2000. I found NGSSoftware's SQLCrack and used a trial version, but that doesn't work on SQL 7. We're willing to buy it, but first, are there any free/open-source applications that will do this? I dumped the hashes into John The Ripper, but that didn't seem to be doing anything after 12 hours (and I know not all of these accounts are protected that well) so I assume SQL's hashes are not NTLM like JTR identified them as. If no freebie stuff, how about cheaper than SQLCrack? (Not sure how much it is, as I refuse to give them my email address to gain access to their pricing information...I almost don't want to buy thier product on principal solely because they do this. But that's another thread.) __________________________________ Do you Yahoo!? New Yahoo! Photos - easier uploading and sharing. http://photos.yahoo.com/ --------------------------------------------------------------------------- ----------------------------------------------------------------------------
Current thread:
- SQL Hash Brute Force Attack Random Task (Dec 23)