Re: [sqlmap-users] Unknown Hash Format
Brought to you by:
inquisb
Menu
▾
▴
Re: [sqlmap-users] Unknown Hash Format
|
From: Miroslav S. <mir...@gm...> - 2013-02-07 17:02:33
|
Hi. I can't reproduce that that value is recognized as a MySQL (old). Maybe some other value has been recognized in a table dump as MySQL (old) but that value wasn't that (pretty sure). Kind regards, Miroslav Stampar On Thu, Feb 7, 2013 at 3:09 PM, Miroslav Stampar <mir...@gm... > wrote: > This looks like a first part of standard MySQL pass hash. Full one should > start with * and have 40 hex chars. > > Maybe one part is stored at one DBMS instance and the other at the other > (for security reasons). This is a recommended way in high profile targets. > > I'll take a look later why it's recognized as mysql_old as it obvioulsy > isn't. > > Bye > Dana 7.2.2013. 14:46 "Chris Oakley" <chr...@gm...> je > napisao/la: > >> Hi All >> >> Not a direct SQLMap question but I thought someone might be able to shed >> some light on this. I'm testing an app that has SQL injection and a lot of >> the user passwords hashes are in the following format: >> >> *15C828E597C8B6781C2 >> >> Does anyone recognise what this is? They're all unsalted. SQLMap picks >> it up as MySQL (Old) when it's trying to crack them, but this is incorrect >> as far as I'm away. Older MySQL hashes come in the format: >> >> 5c47637e661879aa (weddingtv) - cracked by SQLMap :) >> Sorry to go a bit off topic... >> >> Cheers >> >> Chris >> >> >> ------------------------------------------------------------------------------ >> Free Next-Gen Firewall Hardware Offer >> Buy your Sophos next-gen firewall before the end March 2013 >> and get the hardware for free! Learn more. >> http://p.sf.net/sfu/sophos-d2d-feb >> _______________________________________________ >> sqlmap-users mailing list >> sql...@li... >> https://lists.sourceforge.net/lists/listinfo/sqlmap-users >> >> -- Miroslav Stampar http://about.me/stamparm |
