PaulDotCom mailing list archives
Re: extracting password hashes from MSSQL 2005/8
From: Josh Little <josh () zombietango com>
Date: Fri, 15 Oct 2010 10:02:39 -0400
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 On 10/14/2010 11:05 AM, David Porcello wrote:
Try this: SELECT password_hash FROM sys.sql_logins where name='sa' Result is similar to previous, but "Uppercase_SHA1_hash" is no longer included in 2005: 0x0100 5C7E511B 9FEE5B34C2C53FA51926895D1EDA9FC3AD6E76DF
Cain can also connect directly to the database via ODBC and extract the hashes directly into the MSSQL cracker. That option is found by right-clicking the main window when you're in the MSSQL cracker module and selecting 'Add to list'. There you can add the already extracted hash or configure an ODBC session to grab them directly. Obviously, you'll need access to the SQL Server and a login that has rights to the sys.sql_logins DB, which it seems in this case that Robin already has. ZT -----BEGIN PGP SIGNATURE----- Version: GnuPG v2.0.14 (MingW32) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/ iF4EAREIAAYFAky4Xv4ACgkQMRelb3QdcMfr+AD/dxHx88ObpMmRQmIHqwxI+Mz2 r2XnWMaLWLL6IXugCMEBAMDIkZieq+GEpUL606TAapsHQcF/7Z6qVeicLiWJL5JU =fbFS -----END PGP SIGNATURE----- _______________________________________________ Pauldotcom mailing list Pauldotcom () mail pauldotcom com http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom Main Web Site: http://pauldotcom.com
Current thread:
- extracting password hashes from MSSQL 2005/8 Robin Wood (Oct 14)
- Re: extracting password hashes from MSSQL 2005/8 David Porcello (Oct 14)
- Re: extracting password hashes from MSSQL 2005/8 Robin Wood (Oct 14)
- Re: extracting password hashes from MSSQL 2005/8 David Porcello (Oct 14)
- Re: extracting password hashes from MSSQL 2005/8 Robin Wood (Oct 14)
- Re: extracting password hashes from MSSQL 2005/8 Josh Little (Oct 15)
- Re: extracting password hashes from MSSQL 2005/8 Robin Wood (Oct 14)
- Re: extracting password hashes from MSSQL 2005/8 David Porcello (Oct 14)