hashcat Forum
Help with unknown MSSQL HASHBYTES function hash


Help with unknown MSSQL HASHBYTES function hash - mravunko - 01-17-2020

Hello,
I'm trying to test an old .NET application which uses an MSSQL database to store user accounts. As far as I have found, this application uses 2 columns for storing passwords. I suppose that one of the columns contains some kind of encrypted password and the other one contains a hash of the same password.

Here is my test password:

Clear text password:
Pass123$

SQL HASH
Code:
0xXE9XX2685XX09XX6X191XX16944D9D01179266F

I made some checks and found that the SQL query "SELECT HASHBYTES('SHA1', 'Pass123$');" creates the same hash.
Code:
0xXE9XX2685XX09XX6X191XX16944D9D01179266F

I tried guessing the hashes with https://www.onlinehashcrack.com/hash-identification.php

I found that the first one is unknown, so I think it is not a hash function. The second is reported as mssql2005.


I tried these three, but without success:

131 | MSSQL (2000)                                    | Database Server
132 | MSSQL (2005)                                    | Database Server
1731 | MSSQL (2012, 2014)                              | Database Server


with the following warning: Hashfile '1.txt' on line 297 (0xFF70...XXXXX00BXXXXXBBE1XXXXX55XXXXX447): Token length exception

I also found more about MSSQL hashing here:

https://passlib.readthedocs.io/en/stable/lib/passlib.hash.mssql2005.html

It looks like SHA-1 without the salt and in uppercase.

So my two questions are:

1) How to match my test hash?
2) Any suggestions for the encryption of the first password, I think that it should be reversible.

Kind regards,
Nikolay


RE: Help with unknown MSSQL HASHBYTES function hash - philsmd - 01-17-2020

If in doubt, you can simply use -m 100, which has no salt.

Code:
hashcat -m 100 -a 3 XE9XX2685XX09XX6X191XX16944D9D01179266F 'Pass123$'
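
An added example, not part of the thread or of hashcat: a Python sketch that sorts a stored MSSQL value into the layouts behind the modes discussed above, showing why a HASHBYTES('SHA1', ...) value is too short for 131/132/1731 and fits only -m 100. The function names, the cp1252 encoding for non-N literals and the salted layouts (taken from the passlib page linked in the first post) are assumptions; the sample values are computed in the script, not taken from the thread.

```python
import hashlib
import re

# (name, hashcat mode, layout of the hex digits after "0x"). Modes are the ones
# named in the thread; the salted layouts are assumed from the linked passlib page.
LAYOUTS = [
    ("MSSQL (2000)", 131, r"0100[0-9a-f]{8}[0-9a-f]{80}"),         # salt + 2 SHA-1
    ("MSSQL (2005)", 132, r"0100[0-9a-f]{8}[0-9a-f]{40}"),         # salt + SHA-1
    ("MSSQL (2012, 2014)", 1731, r"0200[0-9a-f]{8}[0-9a-f]{128}"), # salt + SHA-512
    ("raw SHA-1, no salt", 100, r"[0-9a-f]{40}"),                  # HASHBYTES output
]

def classify(value):
    """Return (name, mode, hashcat_line), or None when no layout fits."""
    digits = value.strip().lower()
    if digits.startswith("0x"):
        digits = digits[2:]
    for name, mode, pattern in LAYOUTS:
        if re.fullmatch(pattern, digits):
            # Mode 100 takes bare hex; the salted modes keep the 0x header.
            return name, mode, digits if mode == 100 else "0x" + digits
    return None

def hashbytes_sha1(password, nvarchar=False):
    """Emulate HASHBYTES('SHA1', ...): 0x + uppercase hex, no salt.
    An N'...' literal is hashed as UTF-16LE, a plain literal as single-byte text
    (cp1252 assumed here; the real code page depends on the database collation)."""
    data = password.encode("utf-16-le" if nvarchar else "cp1252")
    return "0x" + hashlib.sha1(data).hexdigest().upper()

def mssql2005(password, salt):
    """Build a 2005-style value: 0x0100 + salt + SHA-1(UTF-16LE password + salt)."""
    digest = hashlib.sha1(password.encode("utf-16-le") + salt).hexdigest()
    return "0x0100" + salt.hex() + digest

if __name__ == "__main__":
    samples = {  # constructed sample values
        "HASHBYTES varchar": hashbytes_sha1("Pass123$"),
        "HASHBYTES nvarchar": hashbytes_sha1("Pass123$", nvarchar=True),
        "mssql2005": mssql2005("Pass123$", bytes.fromhex("0a1b2c3d")),
        "truncated": "0x0100AABB",
    }
    for label, value in samples.items():
        print(label, "->", classify(value))
```

Both HASHBYTES variants classify as raw SHA-1; they differ only in the bytes that were hashed, so a value produced from an N'...' literal will not match an ASCII candidate under -m 100.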



RE: Help with unknown MSSQL HASHBYTES function hash - philsmd - 01-17-2020

Just a friendly reminder: according to the forum rules it is not allowed to post hashes here, see https://hashcat.net/forum/announcement-2.html


RE: Help with unknown MSSQL HASHBYTES function hash - mravunko - 01-18-2020

(01-17-2020, 09:30 PM)philsmd Wrote: Just a friendly reminder: according to the forum rules it is not allowed to post hashes here, see https://hashcat.net/forum/announcement-2.html

Thank you for the help finding the hashing algorithm.

I edited the post to conform to the rules, at least partially. It was just my test password, not a real one.