-
Notifications
You must be signed in to change notification settings - Fork 2k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Broken lower-case mssql hash validation #5461
Comments
Based on logic in mysqlSHA1_fmt_plug.c Fixes openwall#5461
Thank you for reporting this, @sjanusz-r7! We were under impression that tools standardized on uppercase for MS SQL hashes. Since for many other hashes the case of characters in their encodings matters, we do not universally support arbitrary/mixed case. I've prepared a patch for this issue to have our three MS SQL formats support both upper and lower case, by unifying to upper case for writing to pot files, like we already do e.g. in While at it, I was also interested in how easily crackable your test password is. Turns out our current default settings (no options at all, just the filename) do crack it, but that takes a minute on a laptop CPU. However, putting only the word |
Based on logic in mysqlSHA1_fmt_plug.c Fixes openwall#5461
Based on logic in mysqlSHA1_fmt_plug.c Fixes #5461
Hello 👋 It seems like 5bd9489 broke the validation for MSSQL hashes as it is case-sensitive. Output from nmap (below) is not considered to be valid by john.
Manually converting the nmap output to uppercase, john works; hashcat works with lower and upper-case hashes. 🚀
John output
hashcat output
nmap output
John Version
Not bleeding edge, but latest on Kali and the affected code in the linked PR hasn't been changed since 👍
The text was updated successfully, but these errors were encountered: