[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Full-Disclosure] mysql password cracking

To: full-disclosure@xxxxxxxxxxxxxxxx
Subject: Re: [Full-Disclosure] mysql password cracking
From: "Willem Koenings" <isec@xxxxxxxxxx>
Date: Sat, 09 Oct 2004 09:44:55 -0500

hi,

> I'm wondering how dangerous it is to allow a user on a 
> mysql db to view the grants for another user. Could 
> they take the encrypted password data and possibly 
> crack it? If they can, how easy is it? 

on certain condition it's quite easy, if you have
a hash:

test.exe 57510426775c5b0f
Hash: 57510426775c5b0f
Trying length 3
Trying length 4
Trying length 5
Found pass: guest


some reading for you:

http://www.ngssoftware.com/papers/HackproofingMySQL.pdf

all the best,

W.
-- 
___________________________________________________________
Sign-up for Ads Free at Mail.com
http://promo.mail.com/adsfreejump.htm

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html

Follow-Ups:
- Re: [Full-Disclosure] mysql password cracking
  - From: Chris Anley

Prev by Date: Re: [Full-Disclosure] mysql password cracking
Next by Date: SV: SV: [Full-Disclosure] JPEG GDI+ (MS04-028) Exploit @ http://home.zccn.net/mm2004
Previous by thread: Re: [Full-Disclosure] mysql password cracking
Next by thread: Re: [Full-Disclosure] mysql password cracking
Index(es):
- Date
- Thread