Re: Sybase passwords hashes
- From: Joxean Koret <joxeankoret@xxxxxxxx>
- Date: Thu, 18 Jan 2007 22:41:12 +0100
Hi,
I wrote a simple Python class in the past to do what you say. It is
attached.
It's based on a paper written by David Litchfield, which you can view
here:
http://www.nextgenss.com/papers/cracking-sql-passwords.pdf
---
Joxean Koret
On Wed, 2007-01-17 at 08:15 -0500, Utmost *** wrote:
I thought the encryption method is selectable although I could be wrong.
Default maybe AES?
Anyways did you try dumping hash format into John to see if it can identify
the type? I would guess to say it is salted also.
UB
----- Original Message -----
From: "mugutu sumulunu" <sumulunu@xxxxxxxxx>
To: <pen-test@xxxxxxxxxxxxxxxxx>
Sent: Tuesday, January 16, 2007 5:11 AM
Subject: Sybase passwords hashes
Hello all,
Is there any method to crack a Sybase ASE hash?
Like this one for "sa" user:
0x3005c90e5dce3f2cd5f840ba479fbdb20304949c681df41d5da9ebfd2d82
Thank you!!
Mugutu Sumulunu
#!/usr/bin/python
import binascii
import hashlib


def str2uni(data):
    # Encode the password as UTF-16LE (each ASCII character followed by "\x00")
    return data.encode("utf-16-le")


class CSQLServerPassword:

    data = ""
    _header = ""
    _key = ""
    _password = ""
    _upperPassword = ""

    def __init__(self, data=None):
        if data:
            self.data = data
            if len(self.data) != 94:
                raise ValueError("Invalid password hash size")
            if self.data[0:2].lower() != "0x":
                raise ValueError("Invalid password hash")
            # Layout: "0x" + header (4 hex) + key (8 hex)
            #         + SHA-1 (40 hex) + SHA-1 of upper-cased password (40 hex)
            self._header = self.data[2:6]
            self._key = self.data[6:14]
            self._password = self.data[14:54]
            self._upperPassword = self.data[54:]

    def printSummary(self):
        print("Header           : ", "0x" + self._header)
        print("Key              : ", self._key)
        print("Password         : ", self._password)
        print("Password (Upper) : ", self._upperPassword)

    def encrypt(self, passwd):
        # The key is stored as hex digits; hash its raw bytes
        key = binascii.unhexlify(self._key)
        # Convert the password to a unicode string and append
        # the random stuff (the key)
        mPasswd = str2uni(passwd) + key
        # Get the first hash (normal)
        baseHash = hashlib.sha1(mPasswd).hexdigest().upper()
        # Get the upper case hash (upper-case the password only, not the key)
        upperHash = hashlib.sha1(str2uni(passwd.upper()) + key).hexdigest().upper()
        # Generate the password
        buf = "0x"
        buf += self._header
        buf += self._key
        buf += baseHash
        buf += upperHash
        return buf


if __name__ == "__main__":
    passwd = "0x01008444930543174C59CC918D34B6A12C9CC9EF99C4769F819B43174C59CC918D34B6A12C9CC9EF99C4769F819B"
    objSQLServer = CSQLServerPassword(passwd)
    print(objSQLServer.encrypt("sa"))
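An added example, not part of the original post or its attachment: a small audit helper for the 94-character layout that the attached class parses. It flags the stored case-insensitive digest, notes when both digests are equal (as they are in the script's sample hash), and rejects values of another shape, such as the 62-character Sybase hash from the original question. The field widths are assumed from the script and Litchfield's paper; the function names, salt, passwords and deny-list are constructed for illustration.

```python
import hashlib

# Layout assumed from the attached script and Litchfield's paper:
# "0x" + header (4 hex) + salt (8 hex) + SHA-1 (40 hex) + SHA-1 of the
# upper-cased password (40 hex) = 94 characters.
HASH_LEN = 94


def parse_legacy_hash(value):
    """Split a 94-character hash string into its fields (hex, upper-cased)."""
    if len(value) != HASH_LEN or value[:2].lower() != "0x":
        raise ValueError("not a 94-character 0x-prefixed hash")
    body = value[2:].upper()
    bytes.fromhex(body)  # raises ValueError on non-hex characters
    return {"header": body[0:4], "salt": body[4:12],
            "mixed": body[12:52], "upper": body[52:92]}


def compute_legacy_hash(password, header, salt_hex):
    """Recompute the hash string for a password and a known salt."""
    salt = bytes.fromhex(salt_hex)
    mixed = hashlib.sha1(password.encode("utf-16-le") + salt).hexdigest()
    upper = hashlib.sha1(password.upper().encode("utf-16-le") + salt).hexdigest()
    return "0x" + (header + salt_hex + mixed + upper).upper()


def audit_hash(value, denylist):
    """Return audit findings for one stored hash."""
    fields = parse_legacy_hash(value)
    findings = ["legacy format: stores a case-insensitive SHA-1 digest"]
    if fields["mixed"] == fields["upper"]:
        findings.append("digests match: password has no lower-case letters")
    for candidate in denylist:
        recomputed = compute_legacy_hash(candidate, fields["header"], fields["salt"])
        if recomputed.upper() == value.upper():
            findings.append("password is on the deny-list: %r" % candidate)
    return findings


# Constructed sample data (not from the page): salt, passwords, deny-list.
SAMPLE_SALT = "1A2B3C4D"
SAMPLE_WEAK = compute_legacy_hash("CHANGEME", "0100", SAMPLE_SALT)
SAMPLE_MIXED = compute_legacy_hash("Tr1cky-Phrase", "0100", SAMPLE_SALT)
DENYLIST = ["sa", "password", "CHANGEME"]

if __name__ == "__main__":
    for stored in (SAMPLE_WEAK, SAMPLE_MIXED):
        print(stored[:14] + "...", audit_hash(stored, DENYLIST))
```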