You're spot on... column number 1 million is an API Key column which has -
you guessed it - the same format as MySQL old hashes.  Thanks for your time.


On 7 February 2013 17:03, Chris Oakley <christopher.oak...@gmail.com> wrote:

> I'll have a look, there are many columns, one moment.
>
>
> On 7 February 2013 17:02, Miroslav Stampar <miroslav.stam...@gmail.com>wrote:
>
>> Hi.
>>
>> I can't reproduce that that value is recognized as a MySQL (old). Maybe
>> some other value has been recognized in a table dump as MySQL (old) but
>> that value wasn't that (pretty sure).
>>
>> Kind regards,
>> Miroslav Stampar
>> On Thu, Feb 7, 2013 at 3:09 PM, Miroslav Stampar <
>> miroslav.stam...@gmail.com> wrote:
>>
>>> This looks like a first part of standard MySQL pass hash. Full one
>>> should start with * and have 40 hex chars.
>>>
>>> Maybe one part is stored at one DBMS instance and the other at the other
>>> (for security reasons). This is a recommended way in high profile targets.
>>>
>>> I'll take a look later why it's recognized as mysql_old as it obvioulsy
>>> isn't.
>>>
>>> Bye
>>> Dana 7.2.2013. 14:46 "Chris Oakley" <christopher.oak...@gmail.com> je
>>> napisao/la:
>>>
>>>>  Hi All
>>>>
>>>> Not a direct SQLMap question but I thought someone might be able to
>>>> shed some light on this.  I'm testing an app that has SQL injection and a
>>>> lot of the user passwords hashes are in the following format:
>>>>
>>>> *15C828E597C8B6781C2
>>>>
>>>> Does anyone recognise what this is?  They're all unsalted.  SQLMap
>>>> picks it up as MySQL (Old) when it's trying to crack them, but this is
>>>> incorrect as far as I'm away.  Older MySQL hashes come in the format:
>>>>
>>>> 5c47637e661879aa (weddingtv) - cracked by SQLMap :)
>>>> Sorry to go a bit off topic...
>>>>
>>>> Cheers
>>>>
>>>> Chris
>>>>
>>>>
>>>> ------------------------------------------------------------------------------
>>>> Free Next-Gen Firewall Hardware Offer
>>>> Buy your Sophos next-gen firewall before the end March 2013
>>>> and get the hardware for free! Learn more.
>>>> http://p.sf.net/sfu/sophos-d2d-feb
>>>> _______________________________________________
>>>> sqlmap-users mailing list
>>>> sqlmap-users@lists.sourceforge.net
>>>> https://lists.sourceforge.net/lists/listinfo/sqlmap-users
>>>>
>>>>
>>
>>
>> --
>> Miroslav Stampar
>> http://about.me/stamparm
>
>
>
------------------------------------------------------------------------------
Free Next-Gen Firewall Hardware Offer
Buy your Sophos next-gen firewall before the end March 2013 
and get the hardware for free! Learn more.
http://p.sf.net/sfu/sophos-d2d-feb
_______________________________________________
sqlmap-users mailing list
sqlmap-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/sqlmap-users

Reply via email to