±Forensic Focus Partners

Become an advertising partner

±Your Account


Username
Password

Forgotten password/username?

Site Members:

New Today: 0 Overall: 36783
New Yesterday: 2 Visitors: 135

±Follow Forensic Focus

Forensic Focus Facebook PageForensic Focus on TwitterForensic Focus LinkedIn GroupForensic Focus YouTube Channel

RSS feeds: News Forums Articles

±Latest Articles

±Latest Videos

±Latest Jobs

Database cracking tools and setup?

Computer forensics discussion. Please ensure that your post is not better suited to one of the forums below (if it is, please post it there instead!)
Reply to topicReply to topic Printer Friendly Page
Forum FAQSearchView unanswered posts
 
  

erowe
Senior Member
 

Database cracking tools and setup?

Post Posted: Aug 05, 16 21:40

I was wondering if anyone had any experience or advice on cracking database passwords.

I received an inquiry from one of our departments and it looks like they to set up some equipment to crack passwords on database files (e.g. MSAccess, MSSQL, Pervasive/Btrieve, Sybase, etc.).

Thanks for any advice.  
 
  

jaclaz
Senior Member
 

Re: Database cracking tools and setup?

Post Posted: Aug 06, 16 00:11

- erowe
I was wondering if anyone had any experience or advice on cracking database passwords.

I received an inquiry from one of our departments and it looks like they to set up some equipment to crack passwords on database files (e.g. MSAccess, MSSQL, Pervasive/Btrieve, Sybase, etc.).

Thanks for any advice.

With all due respect Smile , it is just like asking how to open and start "a" car without keys, not only you need to state the make, but also the model (possibly an exact one).

There may be specific ways for database "xy" but only for version 1 and 2, but not 3 and not 2.8 beta.

It's not like database password protection/encryption is theoretically different from the same kind of protection on any other files (containers, archives, spreadsheets, etc.), the point is only about specific vulnerabilities (if any), and or the existence of (relatively) fast specific brute-force tools for them.

jaclaz
_________________
- In theory there is no difference between theory and practice, but in practice there is. - 
 
  

RolfGutmann
Senior Member
 

Re: Database cracking tools and setup?

Post Posted: Aug 06, 16 02:31

So let's take e.g. Hadoop 2.7.2 - what do you say?  
 
  

jaclaz
Senior Member
 

Re: Database cracking tools and setup?

Post Posted: Aug 06, 16 13:39

- RolfGutmann
So let's take e.g. Hadoop 2.7.2 - what do you say?

Nothing, but - out of curiosity - weren't you busy pinning down a horse within a 10 cm range GPS postion? Question

jaclaz
_________________
- In theory there is no difference between theory and practice, but in practice there is. - 
 
  

athulin
Senior Member
 

Re: Database cracking tools and setup?

Post Posted: Aug 06, 16 13:56

- erowe
I was wondering if anyone had any experience or advice on cracking database passwords.


Hm ... in this particular forum, the assumed context will be that of a) imaging a system, b) finding one or more files in that image that are identified as database-related, and then c) realizing that the files require some form of decryption before they can be accessed. And you're asking for tools to do that.

Is that what you (or your colleagues) are after?

Haven't seen any systematic research published, as far as I remember. It would probably mean: identifying the database release from the files, researching where that release kept its password hashes and in what form (this may require a test bench with that release running), and sufficient knowledge about password-cracking tools (such as hashcat, John the Ripper and others) to decide if it is supported, or if you need to write a new cracking module.

Password cracking is not yet an enterprise activity, except for very specific situations, such as AD or ZIP or ... Cracking passwords from unspecified databases even less so: it requires cracking know-how as well as a wide database knowledge.

The only general recommendation is to acquire both.

If the question is more concentrated on the hardware to do the job ... I'd say it depends on the actual cracking software used. Fit the hardware to the tool, not the other way around.  
 

Page 1 of 1