Help with unknown MSSQL HASHBYTES function hash
#1
Hello,
I'm trying to test an old .NET application which uses an MSSQL database to store user accounts. So far I have found that this application uses 2 columns for storing passwords. I suppose that one of the columns contains some kind of encrypted password and the other one contains a hash of the same password.

Here is my test password:

Clear text password:
Pass123$

SQL HASH
Code:
0xXE9XX2685XX09XX6X191XX16944D9D01179266F

I made some checks and found that the SQL query "SELECT HASHBYTES('SHA1', 'Pass123$');" creates the same hash.
Code:
0xXE9XX2685XX09XX6X191XX16944D9D01179266F

I tried guessing the hashes with https://www.onlinehashcrack.com/hash-identification.php

I found that the first one is unknown, so I think it is not a hash function. The second is reported as mssql2005.


I tried these three, but without success:

131 | MSSQL (2000)                                    | Database Server
132 | MSSQL (2005)                                    | Database Server
1731 | MSSQL (2012, 2014)                              | Database Server


with the following warning: Hashfile '1.txt' on line 297 (0xFF70...XXXXX00BXXXXXBBE1XXXXX55XXXXX447): Token length exception

I also found more about MSSQL hashing here:

https://passlib.readthedocs.io/en/stable...l2005.html

It looks like SHA-1 without the salt and in uppercase.

So my two questions are:

1) How to match my test hash?
2) Any suggestions for the encryption of the first password? I think that it should be reversible.

Kind regards,
Nikolay
Reply
#2
If in doubt, you can simply use -m 100, which has no salt.

Code:
hashcat -m 100 -a 3 XE9XX2685XX09XX6X191XX16944D9D01179266F 'Pass123$'
Reply
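Added example (not part of the original posts and not hashcat's code): a Python sketch of why modes 131/132/1731 reject a HASHBYTES('SHA1', ...) value with a token length exception while -m 100 accepts it. The function names and the salt are constructed for illustration, and the varchar case assumes an ASCII-only password.

```python
import hashlib

# SQL Server login hashes carry a 2-byte version header and a 4-byte salt
# in front of the digest(s). Tuples: (name, header, hex digits after "0x").
LOGIN_FORMATS = [
    ("MSSQL 2000 (-m 131)", "0100", 4 + 8 + 40 + 40),    # two SHA-1 digests
    ("MSSQL 2005 (-m 132)", "0100", 4 + 8 + 40),         # one SHA-1 digest
    ("MSSQL 2012/2014 (-m 1731)", "0200", 4 + 8 + 128),  # one SHA-512 digest
]
RAW_SHA1 = "raw SHA-1, no header or salt (-m 100)"

def hashbytes_sha1(password, nvarchar=False):
    """Emulate SELECT HASHBYTES('SHA1', ...). A varchar literal hashes the
    single-byte string (ASCII assumed here); N'...' hashes UTF-16LE."""
    data = password.encode("utf-16-le" if nvarchar else "ascii")
    return "0x" + hashlib.sha1(data).hexdigest().upper()

def mssql2005_login_hash(password, salt):
    """SQL Server 2005 login hash: 0x0100 + salt + SHA1(UTF-16LE(pw) + salt)."""
    digest = hashlib.sha1(password.encode("utf-16-le") + salt).hexdigest()
    return "0x0100" + salt.hex().upper() + digest.upper()

def classify(value):
    """Name the layout of a hex value from its header and length."""
    body = value[2:] if value.lower().startswith("0x") else value
    bytes.fromhex(body)  # ValueError if the value is not clean hex
    for name, header, length in LOGIN_FORMATS:
        if len(body) == length and body.startswith(header):
            return name
    return RAW_SHA1 if len(body) == 40 else "unknown"

if __name__ == "__main__":
    pw = "Pass123$"                   # test password from the thread
    salt = bytes.fromhex("0a1b2c3d")  # constructed salt, illustration only
    samples = [
        hashbytes_sha1(pw),                 # HASHBYTES('SHA1', 'Pass123$')
        hashbytes_sha1(pw, nvarchar=True),  # HASHBYTES('SHA1', N'Pass123$')
        mssql2005_login_hash(pw, salt),     # what -m 132 expects
    ]
    for s in samples:
        print(f"{len(s) - 2:3d} hex digits  {classify(s):38s} {s}")
```

A 20-byte HASHBYTES result is 12 hex digits shorter than the shortest login-hash layout, so the login-hash parsers cannot tokenize it. If the application had hashed an nvarchar value, the digest would still be raw SHA-1 but computed over UTF-16LE bytes.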
#3
Just a friendly reminder: according to the forum rules it is not allowed to post hashes here, see https://hashcat.net/forum/announcement-2.html
Reply
#4
(01-17-2020, 09:30 PM)philsmd Wrote: Just a friendly reminder: according to the forum rules it is not allowed to post hashes here, see https://hashcat.net/forum/announcement-2.html

Thank you for the help finding the hashing algorithm.

I edited the post to conform to the rules at least partially. It was just my test password, not a real one.
Reply