11-09-2015, 06:46 PM
I want to preface this with saying I've read the forum rules and I'm trying my best to comply with them. I'm not asking anyone to crack hashes for me, and I've no intention of posting any un-masked hashes on here.
I work as a pentester and I'm completing an audit of a third-party site for my employer. In the course of the audit my team managed to pull several password hashes from an MSSQL database using SQL injection. We're now trying to crack those hashes, but they don't fit any format I've ever seen.
The hashes are all 9-23 characters in length, alpha-numeric, mixed case, and contain hyphens and underscores. Our first guess was there was some sort of base64 encoding going on, but that doesn't fit with the hyphens and underscores.
Does anyone have any insight into mssql hashing methods, and what this might be? The hashes aren't long enough to be any of the typical mssql methods, and I can't explain the variable length.
I work as a pentester and I'm completing an audit of a third-party site for my employer. In the course of the audit my team managed to pull several password hashes from an MSSQL database using SQL injection. We're now trying to crack those hashes, but they don't fit any format I've ever seen.
The hashes are all 9-23 characters in length, alpha-numeric, mixed case, and contain hyphens and underscores. Our first guess was there was some sort of base64 encoding going on, but that doesn't fit with the hyphens and underscores.
Does anyone have any insight into mssql hashing methods, and what this might be? The hashes aren't long enough to be any of the typical mssql methods, and I can't explain the variable length.