hashcat Forum

Hello,
I'm trying to test an old .net application which is using MSSQL database to store user accounts. As far I found that this application uses 2 columns for storing passwords. I suppose that one of the columns contains some kind of encrypted password and the other one contains hash of the same password.

Here is my test password:

Clear text password:
Pass123$

SQL HASH

I made some checks and found that the SQL query "SELECT HASHBYTES('SHA1', 'Pass123$');" creates the same hash.

I tried guessing the hashes with https://www.onlinehashcrack.com/hash-identification.php

I found that first one is unknown so I think is not hash function. The second reports to mssql2005


I tried these three but unsuccessful:

131 | MSSQL (2000)                                    | Database Server
132 | MSSQL (2005)                                    | Database Server
1731 | MSSQL (2012, 2014)                              | Database Server


with the following warning: Hashfile '1.txt' on line 297 (0xFF70...XXXXX00BXXXXXBBE1XXXXX55XXXXX447): Token length exception

I also found more about MSSQL hashing here:

https://passlib.readthedocs.io/en/stable...l2005.html

It looks like SHA-1 without the salt and in uppercase.

So my two questions are:

1) How to match my test hash?
2) Any suggestions for the encryption of the first password, I think that it should be reversible.

Kind regards,
Nikolay

if in doubt you can simply use -m 100 which has no salt

Just a friendly reminder: according to the forum rules it is not allowed to post hashes here, see https://hashcat.net/forum/announcement-2.html

(01-17-2020, 09:30 PM)philsmd Wrote: [ -> ]Just a friendly reminder: according to the forum rules it is not allowed to post hashes here, see https://hashcat.net/forum/announcement-2.html

Thank you for the help finding the hashing algorithm.

I edited the post to conform the rules at least partially. It was just my test password not a real one.