Penetration Testing mailing list archives
Re: SQL Server 7 question
From: wojtekd () aba krakow pl
Date: Tue, 10 Jul 2001 10:23:14 +0200
On Mon, Jul 09, 2001 at 04:34:57PM +0200, Talha, Sebastien wrote:
Hey All, I've a user account + hashed password of an SQL Server 7 account and would like to decrypt that password: do you know any tool or method to do so ??? thanks in advance. loks
MS-SQL server 7 uses TDS (Tabular Data Stream) protocol as transport. (This same protocol is used by Sybase). TDS7 uses very weak way of securing the passwords. For example dsniff-2.4 understands TDS7 traffic and could decrypt it. You can find alghoritm for decrypting the passwords in dsniff source file: decode_tds.c Code responsile for decrypting SQL7 passwords is: static void tds7_decrypt(u_char *buf, int len) { int i; for (i = 0; i < len; i++) { buf[i] = ((buf[i] << 4) | (buf[i] >> 4)) ^ 0x5a; } buf[i] = '\0'; } So it's REALY simple ;) More info about TDS protocol, you will find at: www.freetds.org -- Wojtek Dworakowski - ABA, Security & Consulting wojtekd () aba krakow pl - http://www.aba.krakow.pl/security tel. +48 12 4158781, fax. +48 12 4158783 -------------------------------------------------------------------------------------- This list is provided by the SecurityFocus Security Intelligence Alert (SIA) Service For more information on SecurityFocus' SIA service which automatically alerts you to the latest security vulnerabilities please see: https://alerts.securityfocus.com/
Current thread:
- SQL Server 7 question Talha, Sebastien (Jul 09)
- RE: SQL Server 7 question Aaron C. Newman (Jul 10)
- Re: SQL Server 7 question wojtekd (Jul 10)
- <Possible follow-ups>
- Re: SQL Server 7 question wojtekd (Jul 11)