Penetration Testing
mailing list archives
Re: SQL passwords
From: Martin Rublik <martin.rublik () gmail com>
Date: Thu, 5 Nov 2009 10:52:53 +0100
> Thanks Martin for the query, I used sys.sql_logins though for my 2005 hash
> after some pointer from the oxid forums. I have selected a brute force
> attack / mixcase hash, and used the larger charset. Any ideas on the worst
> case how long it will take to crack the passwords? Weeks?
Well, if you use 2005 SQL Server, it would definitely be faster to
attack an uppercase hash. The complexity will be reduced significantly.
For example, if you have an n-character password, then there are 2^n
possibilities for the mixcase password for every uppercase password.
As for the worst case, it is quite simple: it depends on how many
characters you will use :). If you use Cain for password cracking, it
will show you how much time is remaining.
Best regards
Martin Rublik