01-17-2020, 06:40 PM
(This post was last modified: 01-18-2020, 12:51 PM by mravunko.
Edit Reason: to conform the rules
)
Hello,
I'm trying to test an old .net application which is using MSSQL database to store user accounts. As far I found that this application uses 2 columns for storing passwords. I suppose that one of the columns contains some kind of encrypted password and the other one contains hash of the same password.
Here is my test password:
Clear text password:
Pass123$
SQL HASH
I made some checks and found that the SQL query "SELECT HASHBYTES('SHA1', 'Pass123$');" creates the same hash.
I tried guessing the hashes with https://www.onlinehashcrack.com/hash-identification.php
I found that first one is unknown so I think is not hash function. The second reports to mssql2005
I tried these three but unsuccessful:
131 | MSSQL (2000) | Database Server
132 | MSSQL (2005) | Database Server
1731 | MSSQL (2012, 2014) | Database Server
with the following warning: Hashfile '1.txt' on line 297 (0xFF70...XXXXX00BXXXXXBBE1XXXXX55XXXXX447): Token length exception
I also found more about MSSQL hashing here:
https://passlib.readthedocs.io/en/stable...l2005.html
It looks like SHA-1 without the salt and in uppercase.
So my two questions are:
1) How to match my test hash?
2) Any suggestions for the encryption of the first password, I think that it should be reversible.
Kind regards,
Nikolay
I'm trying to test an old .net application which is using MSSQL database to store user accounts. As far I found that this application uses 2 columns for storing passwords. I suppose that one of the columns contains some kind of encrypted password and the other one contains hash of the same password.
Here is my test password:
Clear text password:
Pass123$
SQL HASH
Code:
0xXE9XX2685XX09XX6X191XX16944D9D01179266FI made some checks and found that the SQL query "SELECT HASHBYTES('SHA1', 'Pass123$');" creates the same hash.
Code:
0xXE9XX2685XX09XX6X191XX16944D9D01179266FI tried guessing the hashes with https://www.onlinehashcrack.com/hash-identification.php
I found that first one is unknown so I think is not hash function. The second reports to mssql2005
I tried these three but unsuccessful:
131 | MSSQL (2000) | Database Server
132 | MSSQL (2005) | Database Server
1731 | MSSQL (2012, 2014) | Database Server
with the following warning: Hashfile '1.txt' on line 297 (0xFF70...XXXXX00BXXXXXBBE1XXXXX55XXXXX447): Token length exception
I also found more about MSSQL hashing here:
https://passlib.readthedocs.io/en/stable...l2005.html
It looks like SHA-1 without the salt and in uppercase.
So my two questions are:
1) How to match my test hash?
2) Any suggestions for the encryption of the first password, I think that it should be reversible.
Kind regards,
Nikolay