-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 On 10/14/2010 11:05 AM, David Porcello wrote: > Try this: > > SELECT password_hash FROM sys.sql_logins where name='sa' > > Result is similar to previous, but "Uppercase_SHA1_hash" is no > longer included in 2005: > > 0x0100 5C7E511B 9FEE5B34C2C53FA51926895D1EDA9FC3AD6E76DF >
Cain can also connect directly to the database via ODBC and extract the hashes directly into the MSSQL cracker. That option is found by right-clicking the main window when you're in the MSSQL cracker module and selecting 'Add to list'. There you can add the already extracted hash or configure an ODBC session to grab them directly. Obviously, you'll need access to the SQL Server and a login that has rights to the sys.sql_logins DB, which it seems in this case that Robin already has. ZT -----BEGIN PGP SIGNATURE----- Version: GnuPG v2.0.14 (MingW32) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/ iF4EAREIAAYFAky4Xv4ACgkQMRelb3QdcMfr+AD/dxHx88ObpMmRQmIHqwxI+Mz2 r2XnWMaLWLL6IXugCMEBAMDIkZieq+GEpUL606TAapsHQcF/7Z6qVeicLiWJL5JU =fbFS -----END PGP SIGNATURE----- _______________________________________________ Pauldotcom mailing list [email protected] http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom Main Web Site: http://pauldotcom.com
