Reference(s): www.exploit-db.com/download_pdf/15537/ http://www.leidecker.info/projects/phrasendrescher/mssql.c https://www.evilfingers.com/tools/GSAuditor.php >>> mssql_old_passwd(password='testpass', salt='4086ceb6', uppercase=True) '0x01004086CEB60C90646A8AB9
(password, salt, uppercase=True)
| 181 | return "0x%s" % (retVal.upper() if uppercase else retVal.lower()) |
| 182 | |
| 183 | def mssql_old_passwd(password, salt, uppercase=True): # version '2000' and before |
| 184 | """ |
| 185 | Reference(s): |
| 186 | www.exploit-db.com/download_pdf/15537/ |
| 187 | http://www.leidecker.info/projects/phrasendrescher/mssql.c |
| 188 | https://www.evilfingers.com/tools/GSAuditor.php |
| 189 | |
| 190 | >>> mssql_old_passwd(password='testpass', salt='4086ceb6', uppercase=True) |
| 191 | '0x01004086CEB60C90646A8AB9889FE3ED8E5C150B5460ECE8425AC7BB7255C0C81D79AA5D0E93D4BB077FB9A51DA0' |
| 192 | """ |
| 193 | |
| 194 | binsalt = decodeHex(salt) |
| 195 | unistr = b"".join((_.encode(UNICODE_ENCODING) + b"\0") if ord(_) < 256 else _.encode(UNICODE_ENCODING) for _ in password) |
| 196 | |
| 197 | retVal = "0100%s%s%s" % (salt, sha1(unistr + binsalt).hexdigest(), sha1(unistr.upper() + binsalt).hexdigest()) |
| 198 | |
| 199 | return "0x%s" % (retVal.upper() if uppercase else retVal.lower()) |
| 200 | |
| 201 | def oracle_passwd(password, salt, uppercase=True): |
| 202 | """ |
nothing calls this directly
no test coverage detected
searching dependent graphs…