Home page logo

basics logo Security Basics mailing list archives

SQL Hash Brute Force Attack
From: Random Task <rand0m_t4sk () yahoo com>
Date: Tue, 23 Dec 2003 07:53:34 -0800 (PST)


I'm doing a pentest and acquired the MS SQL Server hashes on four
servers, a mix of SQL Server 7 and 2000. I found NGSSoftware's
SQLCrack and used a trial version, but that doesn't work on SQL 7.
We're willing to buy it, but first, are there any free/open-source
applications that will do this? I dumped the hashes into John The
Ripper, but that didn't seem to be doing anything after 12 hours (and
I know not all of these accounts are protected that well) so I assume
SQL's hashes are not NTLM like JTR identified them as.

If no freebie stuff, how about cheaper than SQLCrack? (Not sure how
much it is, as I refuse to give them my email address to gain access
to their pricing information...I almost don't want to buy thier
product on principal solely because they do this. But that's another thread.)

Do you Yahoo!?
New Yahoo! Photos - easier uploading and sharing.


  By Date           By Thread  

Current thread:
  • SQL Hash Brute Force Attack Random Task (Dec 23)
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]