Re: [Full-Disclosure] mysql password cracking

From: ppatters (ppatters_at_cbnco.com)
Date: 10/09/04

    To: full-disclosure@lists.netsys.com
    Date: Sat, 09 Oct 2004 10:11:21 -0400
    
    

    On Fri, 2004-10-08 at 16:03, David Hane wrote:
    > I'm wondering how dangerous it is to allow a user on a
    > mysql db to view the grants for another user. Could
    > they take the encrypted password data and possibly
    > crack it? If they can, how easy is it?

    I periodically export the mysql database with the encrypted user email
    passwords and run it through John the Ripper, and it finds a few every
    time. So it will all depend on how good the password is.

    Try it yourself with John http://www.openwall.com/passwords/unix.shtml;
    it's not difficult. If you use the big wordlists available at
    http://www.openwall.com/passwords/wordlists/, you will be amazed at how
    many passwords you can get.

    _______________________________________________
    Full-Disclosure - We believe in it.
    Charter: http://lists.netsys.com/full-disclosure-charter.html

