Hello Rommel,
Since you didn't give any specific MySQL versions. Here's a quick
rundown on bypassing MySQL authentication and password hashing used.
Prior to 3.23.11 you can authenticate using only one character of 32
possible characters of the 'scrambled' password. Prior to 4.1 you can
authenticate using the hash itself no need to crack for the password.
4.1 onwards uses double SHA1, that is hash the password then SHA1 hash
again the SHA1 hash of the password. But in versions 4.1.0, 4.1.2, 5.0
you can bypass authentication with a zero-length authentication
packet.
You are possibly running MySQL 4.1 or newer. It would be very easy if
you can find a rainbow table that has stored values of SHA1 hashes so
you can break the first level of hashing. When you get the hash and if
the password is sufficiently simple you can then try a rainbow table
with a decent a wordlist.
If you prefer DIY, John the Ripper is very capable. Just needs
patience and or enough computing resources. Brute force the first
level of hashing then use a good wordlist for the second hash or brute
force everything.
Cheers,
pǝ
On 8/8/07, Rommel Asibal <[EMAIL PROTECTED]> wrote:
> hi guys,
>
> anyone have any idea how to crack a mysql root password? i am root and i can
> change the mysql password anytime but i need to get the value since its
> important in another application.
>
> google is giving me so many avenues its just too much info, i dont know if
> im going in the right direction.
> --
> ...
> _________________________________________________
> Philippine Linux Users' Group (PLUG) Mailing List
> [email protected] (#PLUG @ irc.free.net.ph)
> Read the Guidelines: http://linux.org.ph/lists
> Searchable Archives: http://archives.free.net.ph
>
_________________________________________________
Philippine Linux Users' Group (PLUG) Mailing List
[email protected] (#PLUG @ irc.free.net.ph)
Read the Guidelines: http://linux.org.ph/lists
Searchable Archives: http://archives.free.net.ph
