Home page logo
/

fulldisclosure logo Full Disclosure mailing list archives

Re: mysql password cracking
From: "Willem Koenings" <isec () europe com>
Date: Sat, 09 Oct 2004 09:44:55 -0500


hi,

I'm wondering how dangerous it is to allow a user on a 
mysql db to view the grants for another user. Could 
they take the encrypted password data and possibly 
crack it? If they can, how easy is it? 

on certain condition it's quite easy, if you have
a hash:

test.exe 57510426775c5b0f
Hash: 57510426775c5b0f
Trying length 3
Trying length 4
Trying length 5
Found pass: guest


some reading for you:

http://www.ngssoftware.com/papers/HackproofingMySQL.pdf

all the best,

W.
-- 
___________________________________________________________
Sign-up for Ads Free at Mail.com
http://promo.mail.com/adsfreejump.htm

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]