Re: Sybase passwords hashes

To:	Utmost Bastard <utmostbastard@gmail.com>
Subject:	Re: Sybase passwords hashes
From:	Joxean Koret <joxeankoret@yahoo.es>
Date:	Thu, 18 Jan 2007 22:41:12 +0100
Cc:	mugutu sumulunu <sumulunu@gmail.com>, pen-test@securityfocus.com
Delivered-to:	sp-com-lists@consult.net
Delivered-to:	pentest-list2@consult.net
Delivered-to:	mailing list pen-test@securityfocus.com
Delivered-to:	moderator for pen-test@securityfocus.com
Domainkey-signature:	a=rsa-sha1; q=dns; c=nofws; s=s1024; d=yahoo.es; h=Received:X-YMail-OSG:Subject:From:To:Cc:In-Reply-To:References:Content-Type:Date:Message-Id:Mime-Version:X-Mailer; b=KoCOfYJYvWWveMVB3l61kQhp/l0h2PI201DrZtQG12yrtqCh4h92cEQw2qAaExAB+Gfi/C+LjGY3C+GwrabygdxMIdTP08F1OxJaBHknMSW6jzoK8biEd3A9AuWT4oCBpBVyFpuYfoncVz+rB4ZSj3tsUqQvVF7fOC+blm1zRRY= ;
In-reply-to:	<002b01c73a39$84499470$7301a8c0@bastarded>
List-help:	<mailto:pen-test-help@securityfocus.com>
List-id:	<pen-test.list-id.securityfocus.com>
List-post:	<mailto:pen-test@securityfocus.com>
List-subscribe:	<mailto:pen-test-subscribe@securityfocus.com>
List-unsubscribe:	<mailto:pen-test-unsubscribe@securityfocus.com>
Mailing-list:	contact pen-test-help@securityfocus.com; run by ezmlm
References:	<a712890b0701160211u1d5588ai85adc4e6cf0d353e@mail.gmail.com> <002b01c73a39$84499470$7301a8c0@bastarded>
Resent-date:	Thu, 18 Jan 2007 14:00:56 -0700 (MST)
Resent-from:	pen-test-return-1078483417@securityfocus.com
Resent-message-id:	<20070118210056.528C023A672@outgoing3.securityfocus.com>
Resent-sender:	listbounce@securityfocus.com
Sender:	listbounce@securityfocus.com

Hi,

I wrote in the past a simple python class to do what you say. Attached
goes. 

It's based in a paper written by David Litchfield which you can view
here:

http://www.nextgenss.com/papers/cracking-sql-passwords.pdf

---
Joxean Koret


On mié, 2007-01-17 at 08:15 -0500, Utmost Bastard wrote:
> I thought the encryption method is selectable although I could be wrong. 
> Default maybe AES?
> 
> Anyways did you try dumping hash format into John to see if it can identify 
> the type? I would guess to say it is salted also.
> 
> UB
> 
> 
> 
> ----- Original Message ----- 
> From: "mugutu sumulunu" <sumulunu@gmail.com>
> To: <pen-test@securityfocus.com>
> Sent: Tuesday, January 16, 2007 5:11 AM
> Subject: Sybase passwords hashes
> 
> 
> > Hello all,
> >
> > Is there any method to crack a Sybase ASE hash?
> >
> > Like this one for "sa" user:
> > 0x3005c90e5dce3f2cd5f840ba479fbdb20304949c681df41d5da9ebfd2d82
> >
> > Thank you!!
> >
> >
> > Mugutu Sumulunu
> >
> > ------------------------------------------------------------------------
> > This List Sponsored by: Cenzic
> >
> > Need to secure your web apps?
> > Cenzic Hailstorm finds vulnerabilities fast.
> > Click the link to buy it, try it or download Hailstorm for FREE.
> >
> > http://www.cenzic.com/products_services/download_hailstorm.php?camp=701600000008bOW
> > ------------------------------------------------------------------------
> > 
> 
> 
> ------------------------------------------------------------------------
> This List Sponsored by: Cenzic
> 
> Need to secure your web apps?
> Cenzic Hailstorm finds vulnerabilities fast.
> Click the link to buy it, try it or download Hailstorm for FREE.
> 
> http://www.cenzic.com/products_services/download_hailstorm.php?camp=701600000008bOW
> ------------------------------------------------------------------------
>

test.py
Description: Text Data

signature.asc
Description: This is a digitally signed message part

<Prev in Thread]	Current Thread	[Next in Thread>
Sybase passwords hashes, mugutu sumulunu Re: Sybase passwords hashes, Utmost Bastard Re: Sybase passwords hashes, Joxean Koret <= Re: Sybase passwords hashes, mugutu sumulunu

Previous by Date:	RE: pent-test a container file, Jan Heisterkamp
Next by Date:	Re: "PenTest" a container file, Steve Friedl
Previous by Thread:	Re: Sybase passwords hashes, Utmost Bastard
Next by Thread:	Re: Sybase passwords hashes, mugutu sumulunu
Indexes:	[Date] [Thread] [Top] [All Lists]