Re: [sqlmap-users] Unknown Hash Format
Brought to you by:
inquisb
Menu
▾
▴
Re: [sqlmap-users] Unknown Hash Format
|
From: Chris O. <chr...@gm...> - 2013-02-07 17:18:32
|
You're spot on... column number 1 million is an API Key column which has - you guessed it - the same format as MySQL old hashes. Thanks for your time. On 7 February 2013 17:03, Chris Oakley <chr...@gm...> wrote: > I'll have a look, there are many columns, one moment. > > > On 7 February 2013 17:02, Miroslav Stampar <mir...@gm...>wrote: > >> Hi. >> >> I can't reproduce that that value is recognized as a MySQL (old). Maybe >> some other value has been recognized in a table dump as MySQL (old) but >> that value wasn't that (pretty sure). >> >> Kind regards, >> Miroslav Stampar >> On Thu, Feb 7, 2013 at 3:09 PM, Miroslav Stampar < >> mir...@gm...> wrote: >> >>> This looks like a first part of standard MySQL pass hash. Full one >>> should start with * and have 40 hex chars. >>> >>> Maybe one part is stored at one DBMS instance and the other at the other >>> (for security reasons). This is a recommended way in high profile targets. >>> >>> I'll take a look later why it's recognized as mysql_old as it obvioulsy >>> isn't. >>> >>> Bye >>> Dana 7.2.2013. 14:46 "Chris Oakley" <chr...@gm...> je >>> napisao/la: >>> >>>> Hi All >>>> >>>> Not a direct SQLMap question but I thought someone might be able to >>>> shed some light on this. I'm testing an app that has SQL injection and a >>>> lot of the user passwords hashes are in the following format: >>>> >>>> *15C828E597C8B6781C2 >>>> >>>> Does anyone recognise what this is? They're all unsalted. SQLMap >>>> picks it up as MySQL (Old) when it's trying to crack them, but this is >>>> incorrect as far as I'm away. Older MySQL hashes come in the format: >>>> >>>> 5c47637e661879aa (weddingtv) - cracked by SQLMap :) >>>> Sorry to go a bit off topic... >>>> >>>> Cheers >>>> >>>> Chris >>>> >>>> >>>> ------------------------------------------------------------------------------ >>>> Free Next-Gen Firewall Hardware Offer >>>> Buy your Sophos next-gen firewall before the end March 2013 >>>> and get the hardware for free! Learn more. >>>> http://p.sf.net/sfu/sophos-d2d-feb >>>> _______________________________________________ >>>> sqlmap-users mailing list >>>> sql...@li... >>>> https://lists.sourceforge.net/lists/listinfo/sqlmap-users >>>> >>>> >> >> >> -- >> Miroslav Stampar >> http://about.me/stamparm > > > |
