sqlmap-users

[sqlmap-users] Unknown Hash Format

[Chris O. <chr...@gm...>]

Hi All

Not a direct SQLMap question but I thought someone might be able to shed
some light on this.  I'm testing an app that has SQL injection and a lot of
the user passwords hashes are in the following format:

*15C828E597C8B6781C2

Does anyone recognise what this is?  They're all unsalted.  SQLMap picks it
up as MySQL (Old) when it's trying to crack them, but this is incorrect as
far as I'm away.  Older MySQL hashes come in the format:

5c47637e661879aa (weddingtv) - cracked by SQLMap :)
Sorry to go a bit off topic...

Cheers

Chris

Re: [sqlmap-users] Unknown Hash Format

[Miroslav S. <mir...@gm...>]

Hi.

I can't reproduce that that value is recognized as a MySQL (old). Maybe
some other value has been recognized in a table dump as MySQL (old) but
that value wasn't that (pretty sure).

Kind regards,
Miroslav Stampar
On Thu, Feb 7, 2013 at 3:09 PM, Miroslav Stampar <mir...@gm...
> wrote:

> This looks like a first part of standard MySQL pass hash. Full one should
> start with * and have 40 hex chars.
>
> Maybe one part is stored at one DBMS instance and the other at the other
> (for security reasons). This is a recommended way in high profile targets.
>
> I'll take a look later why it's recognized as mysql_old as it obvioulsy
> isn't.
>
> Bye
> Dana 7.2.2013. 14:46 "Chris Oakley" <chr...@gm...> je
> napisao/la:
>
>> Hi All
>>
>> Not a direct SQLMap question but I thought someone might be able to shed
>> some light on this.  I'm testing an app that has SQL injection and a lot of
>> the user passwords hashes are in the following format:
>>
>> *15C828E597C8B6781C2
>>
>> Does anyone recognise what this is?  They're all unsalted.  SQLMap picks
>> it up as MySQL (Old) when it's trying to crack them, but this is incorrect
>> as far as I'm away.  Older MySQL hashes come in the format:
>>
>> 5c47637e661879aa (weddingtv) - cracked by SQLMap :)
>> Sorry to go a bit off topic...
>>
>> Cheers
>>
>> Chris
>>
>>
>> ------------------------------------------------------------------------------
>> Free Next-Gen Firewall Hardware Offer
>> Buy your Sophos next-gen firewall before the end March 2013
>> and get the hardware for free! Learn more.
>> http://p.sf.net/sfu/sophos-d2d-feb
>> _______________________________________________
>> sqlmap-users mailing list
>> sql...@li...
>> https://lists.sourceforge.net/lists/listinfo/sqlmap-users
>>
>>


-- 
Miroslav Stampar
http://about.me/stamparm

Re: [sqlmap-users] Unknown Hash Format

[Chris O. <chr...@gm...>]

I'll have a look, there are many columns, one moment.


On 7 February 2013 17:02, Miroslav Stampar <mir...@gm...>wrote:

> Hi.
>
> I can't reproduce that that value is recognized as a MySQL (old). Maybe
> some other value has been recognized in a table dump as MySQL (old) but
> that value wasn't that (pretty sure).
>
> Kind regards,
> Miroslav Stampar
> On Thu, Feb 7, 2013 at 3:09 PM, Miroslav Stampar <
> mir...@gm...> wrote:
>
>> This looks like a first part of standard MySQL pass hash. Full one should
>> start with * and have 40 hex chars.
>>
>> Maybe one part is stored at one DBMS instance and the other at the other
>> (for security reasons). This is a recommended way in high profile targets.
>>
>> I'll take a look later why it's recognized as mysql_old as it obvioulsy
>> isn't.
>>
>> Bye
>> Dana 7.2.2013. 14:46 "Chris Oakley" <chr...@gm...> je
>> napisao/la:
>>
>>>  Hi All
>>>
>>> Not a direct SQLMap question but I thought someone might be able to shed
>>> some light on this.  I'm testing an app that has SQL injection and a lot of
>>> the user passwords hashes are in the following format:
>>>
>>> *15C828E597C8B6781C2
>>>
>>> Does anyone recognise what this is?  They're all unsalted.  SQLMap picks
>>> it up as MySQL (Old) when it's trying to crack them, but this is incorrect
>>> as far as I'm away.  Older MySQL hashes come in the format:
>>>
>>> 5c47637e661879aa (weddingtv) - cracked by SQLMap :)
>>> Sorry to go a bit off topic...
>>>
>>> Cheers
>>>
>>> Chris
>>>
>>>
>>> ------------------------------------------------------------------------------
>>> Free Next-Gen Firewall Hardware Offer
>>> Buy your Sophos next-gen firewall before the end March 2013
>>> and get the hardware for free! Learn more.
>>> http://p.sf.net/sfu/sophos-d2d-feb
>>> _______________________________________________
>>> sqlmap-users mailing list
>>> sql...@li...
>>> https://lists.sourceforge.net/lists/listinfo/sqlmap-users
>>>
>>>
>
>
> --
> Miroslav Stampar
> http://about.me/stamparm

Re: [sqlmap-users] Unknown Hash Format

[Chris O. <chr...@gm...>]

You're spot on... column number 1 million is an API Key column which has -
you guessed it - the same format as MySQL old hashes.  Thanks for your time.


On 7 February 2013 17:03, Chris Oakley <chr...@gm...> wrote:

> I'll have a look, there are many columns, one moment.
>
>
> On 7 February 2013 17:02, Miroslav Stampar <mir...@gm...>wrote:
>
>> Hi.
>>
>> I can't reproduce that that value is recognized as a MySQL (old). Maybe
>> some other value has been recognized in a table dump as MySQL (old) but
>> that value wasn't that (pretty sure).
>>
>> Kind regards,
>> Miroslav Stampar
>> On Thu, Feb 7, 2013 at 3:09 PM, Miroslav Stampar <
>> mir...@gm...> wrote:
>>
>>> This looks like a first part of standard MySQL pass hash. Full one
>>> should start with * and have 40 hex chars.
>>>
>>> Maybe one part is stored at one DBMS instance and the other at the other
>>> (for security reasons). This is a recommended way in high profile targets.
>>>
>>> I'll take a look later why it's recognized as mysql_old as it obvioulsy
>>> isn't.
>>>
>>> Bye
>>> Dana 7.2.2013. 14:46 "Chris Oakley" <chr...@gm...> je
>>> napisao/la:
>>>
>>>>  Hi All
>>>>
>>>> Not a direct SQLMap question but I thought someone might be able to
>>>> shed some light on this.  I'm testing an app that has SQL injection and a
>>>> lot of the user passwords hashes are in the following format:
>>>>
>>>> *15C828E597C8B6781C2
>>>>
>>>> Does anyone recognise what this is?  They're all unsalted.  SQLMap
>>>> picks it up as MySQL (Old) when it's trying to crack them, but this is
>>>> incorrect as far as I'm away.  Older MySQL hashes come in the format:
>>>>
>>>> 5c47637e661879aa (weddingtv) - cracked by SQLMap :)
>>>> Sorry to go a bit off topic...
>>>>
>>>> Cheers
>>>>
>>>> Chris
>>>>
>>>>
>>>> ------------------------------------------------------------------------------
>>>> Free Next-Gen Firewall Hardware Offer
>>>> Buy your Sophos next-gen firewall before the end March 2013
>>>> and get the hardware for free! Learn more.
>>>> http://p.sf.net/sfu/sophos-d2d-feb
>>>> _______________________________________________
>>>> sqlmap-users mailing list
>>>> sql...@li...
>>>> https://lists.sourceforge.net/lists/listinfo/sqlmap-users
>>>>
>>>>
>>
>>
>> --
>> Miroslav Stampar
>> http://about.me/stamparm
>
>
>