Re: [Full-Disclosure] mysql password cracking
From: Willem Koenings (isec_at_europe.com)
Date: 10/09/04
- Previous message: GreyMagic Security: "[Full-Disclosure] Re: Yet another IE aperture"
- Maybe in reply to: David Hane: "[Full-Disclosure] mysql password cracking"
- Next in thread: Chris Anley: "Re: [Full-Disclosure] mysql password cracking"
- Reply: Chris Anley: "Re: [Full-Disclosure] mysql password cracking"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
To: full-disclosure@lists.netsys.com Date: Sat, 09 Oct 2004 09:44:55 -0500
hi,
> I'm wondering how dangerous it is to allow a user on a
> mysql db to view the grants for another user. Could
> they take the encrypted password data and possibly
> crack it? If they can, how easy is it?
on certain condition it's quite easy, if you have
a hash:
test.exe 57510426775c5b0f
Hash: 57510426775c5b0f
Trying length 3
Trying length 4
Trying length 5
Found pass: guest
some reading for you:
http://www.ngssoftware.com/papers/HackproofingMySQL.pdf
all the best,
W.
-- ___________________________________________________________ Sign-up for Ads Free at Mail.com http://promo.mail.com/adsfreejump.htm _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html
- Previous message: GreyMagic Security: "[Full-Disclosure] Re: Yet another IE aperture"
- Maybe in reply to: David Hane: "[Full-Disclosure] mysql password cracking"
- Next in thread: Chris Anley: "Re: [Full-Disclosure] mysql password cracking"
- Reply: Chris Anley: "Re: [Full-Disclosure] mysql password cracking"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
