|
During an audit I came across the %windir%\setup.iss install shield script for installing Microsoft SQL Server. Inside this log file it contained the following entries:
[DlgServices-0]
Local-Domain=61680
AutoStart=15
Result=1
SQLDomain=FILESERVER
SQLDomainAcct=Administrator
SQLDomainPwd=7471b949e337e8436425241d
AgtDomain=FILESERVER
AgtDomainAcct=Administrator
AgtDomainPwd=7471b949e337e8436425241d
[DlgSQLSecurity-0]
LoginMode=2
szPwd=1dd970e42289bed68cc5aad0
Result=1
I had a look in Google and Microsoft and just about the only thing I found was that is was stored using "a weak encryption". No idea what it is - the length does not match a hash.
I stumbled across the following URL: MS SQL setup.iss password encoding.
This appears to be the exact information I was looking for, but unfortunately the post is so old that the IMG links no longer exist, and the post refers to 'sqlsut.dll' which contains two exports - 'EncryptIt' and 'DecryptIt'. I searched the Net and found quite a few dodgy versions and did a EXPORTS dump to no avail.
Mining further through Yahoo and Google, I came across another SQL decrypter. It uses semcomn.dll. This file contains two exports - 'Encrypt' and 'Decrypt'.
I thought it was close so managed to find all the dependencies (included) and Recompiled them. But after testing a few string and also hex representation.. no luck.
I thought I'd post this just incase someone else is looking for what I was... at least this post will be more informative than the other Google results.
P.S. If you're looking to crack MSSQL password hashes within the SQL database, you're probably looking for NGS Software's NGSSQLCrack .
|