On Tue, Jul 10, 2001 at 06:13:22PM +0200, Talha, Sebastien wrote:
> very cool, thanks.
> Loks.
>

Hmmm....
Regarding previous post by Aaron C. Newman (aaron@newman-family.com):
> There's really no way to decrypt it - it's a one way hash.

I'm not sure if my post will help in your case. Maybe MS-SQL7 uses a
different method of storing the password internally (for example one-way
hash) and a different one for sending it via network?
Could somebody check it out?
If you use the decrypting procedure from dsniff (or actually from
freetds) with success, please report it to pen-test.

> -----Original Message-----
> From: wojtekdat_private [mailto:wojtekdat_private]
> Sent: Tuesday, July 10, 2001 9:23 AM
> To: pen-testat_private
> Subject: Re: SQL Server 7 question
>
>
> On Mon, Jul 09, 2001 at 04:34:57PM +0200, Talha, Sebastien wrote:
> > Hey All,
> >
> > I've a user account + hashed password of an SQL Server 7 account and would
> > like to decrypt that password: do you know any tool or method to do so ???
> > thanks in advance.
> > loks
> >
> >
>
> MS-SQL server 7 uses TDS (Tabular Data Stream) protocol as transport.
> (This same protocol is used by Sybase).
> TDS7 uses a very weak way of securing the passwords.
> For example dsniff-2.4 understands TDS7 traffic and could decrypt it.
> You can find the algorithm for decrypting the passwords in dsniff source
> file: decode_tds.c
> Code responsible for decrypting SQL7 passwords is:
>
> static void
> tds7_decrypt(u_char *buf, int len)
> {
>         int i;
>
>         for (i = 0; i < len; i++) {
>                 buf[i] = ((buf[i] << 4) | (buf[i] >> 4)) ^ 0x5a;
>         }
>         buf[i] = '\0';
> }
>
> So it's REALLY simple ;)
>
> More info about TDS protocol, you will find at: www.freetds.org
>

___
Wojtek Dworakowski - ABA, Security & Consulting
wojtekdat_private - http://www.aba.krakow.pl/security
tel. +48 12 4158781, fax. +48 12 4158783

----------------------------------------------------------------------------
This list is provided by the SecurityFocus Security Intelligence Alert (SIA)
Service. For more information on SecurityFocus' SIA service which
automatically alerts you to the latest security vulnerabilities please see:
https://alerts.securityfocus.com/
This archive was generated by hypermail 2b30 : Wed Jul 11 2001 - 15:52:58 PDT
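An added example, not part of the original message or of dsniff: it derives the inverse of the quoted `tds7_decrypt()` and checks exhaustively that the wire transform is a fixed, keyless permutation of byte values, which is why it can be reversed while a one-way stored hash cannot. The function names and the sample value are assumptions made for illustration; it says nothing about how the server stores passwords, which the thread leaves open.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Per-byte form of the quoted tds7_decrypt(): swap nibbles, then XOR 0x5a. */
static uint8_t tds7_unmask_byte(uint8_t c) {
    return (uint8_t)(((c << 4) | (c >> 4)) ^ 0x5a);
}

/* Inverse derived from it: undo the XOR, then swap the nibbles back.
 * Neither direction takes a key, salt or per-session value. */
static uint8_t tds7_mask_byte(uint8_t c) {
    uint8_t x = (uint8_t)(c ^ 0x5a);
    return (uint8_t)((x << 4) | (x >> 4));
}

/* Buffer decode with an explicit capacity: the quoted function writes
 * buf[len] = '\0', so the caller must own at least len + 1 bytes. */
static int tds7_unmask(uint8_t *buf, size_t len, size_t cap) {
    if (cap <= len) return -1;
    for (size_t i = 0; i < len; i++)
        buf[i] = tds7_unmask_byte(buf[i]);
    buf[len] = '\0';
    return 0;
}

/* Returns 1 if the mapping is a fixed, invertible permutation of all 256
 * byte values, i.e. a substitution table rather than a one-way hash. */
static int tds7_is_keyless_permutation(void) {
    uint8_t seen[256] = {0};
    for (int v = 0; v < 256; v++) {
        uint8_t m = tds7_mask_byte((uint8_t)v);
        if (seen[m]++ || tds7_unmask_byte(m) != v)
            return 0;
    }
    return 1;
}

int main(void) {
    uint8_t f[16] = "Passw0rd!";   /* constructed sample value */
    size_t n = strlen((char *)f);
    for (size_t i = 0; i < n; i++) f[i] = tds7_mask_byte(f[i]);
    if (tds7_unmask(f, n, sizeof f) == 0)
        printf("%s %d\n", (char *)f, tds7_is_keyless_permutation());
    return 0;
}
```

Because every byte is mapped independently of its position, equal plaintext bytes always produce equal masked bytes.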