On Mon, Jul 09, 2001 at 04:34:57PM +0200, Talha, Sebastien wrote:
> Hey All,
>
> I've a user account + hashed password of an SQL Server 7 account and would
> like to decrypt that password: do you know any tool or method to do so ???
> thanks in advance.
> loks
>
>
MS-SQL server 7 uses TDS (Tabular Data Stream) protocol as transport.
(This same protocol is used by Sybase).
TDS7 uses very weak way of securing the passwords.
For example dsniff-2.4 understands TDS7 traffic and could decrypt it.
You can find alghoritm for decrypting the passwords in dsniff source
file: decode_tds.c
Code responsile for decrypting SQL7 passwords is:
static void
tds7_decrypt(u_char *buf, int len)
{
int i;
for (i = 0; i < len; i++) {
buf[i] = ((buf[i] << 4) | (buf[i] >> 4)) ^ 0x5a;
}
buf[i] = '\0';
}
So it's REALY simple ;)
More info about TDS protocol, you will find at: www.freetds.org
--
Wojtek Dworakowski - ABA, Security & Consulting
wojtekdat_private - http://www.aba.krakow.pl/security
tel. +48 12 4158781, fax. +48 12 4158783
--------------------------------------------------------------------------------------
This list is provided by the SecurityFocus Security Intelligence Alert (SIA) Service
For more information on SecurityFocus' SIA service which automatically alerts you to
the latest security vulnerabilities please see:
https://alerts.securityfocus.com/
This archive was generated by hypermail 2b30 : Tue Jul 10 2001 - 08:06:53 PDT