Find SA Password (Brute Force)+Find Passwords
(Dictionary)+Analysis of Password Security+Password Generator+ASCII Table
How safe are your passwords?
Try this set of tools:
FindSA and FinSADic are
passwords crackers.
PWDAnalysis will give an estimate on how easy it is to crack a
password.
RandomPWD will generate a random password using all ASCII
characters above 32, some will require using ALT to display them.
RandomPWDkbd will generate a random password using all ASCII
characters above 32 but below 126, all characters accessible directly through
the keyboard.
Possibilities returns how many different passwords are possible
with 1 up to c characters from a universe of n different characters.
FindSA
This is a brute force attack
trying to find the SA password.
FindSA has 1 parameter: size.
Size is the maximum length of
the passwords to be tested.
Example:
(assuming SA password was
“AS”)
EXEC dbo.FindSA 2
FinSADic
This is a dictionary attack
trying to find any password.
FinSADic has 1 parameter:
file.
File is the full path+file
name to be used as the dictionary for the attack.
Example:
Contents of
“C:\wordlist.txt”:
abc
sa
as
sql
hello
xyz
|
|
(assuming SA password was “AS” and the
file was “C:\wordlist.txt”)
EXEC dbo.FindSADic
'C:\wordlist.txt'
PWDAnalysis
PWDAnalysis has 2 parameters:
sizePWD and sizeUniverse
The length of the password is
sizePWD and the number of the possible characters to be used (universe) is
sizeUniverse.
Most common values for
sizePWD and why they are chosen:
(passwords are NOT case
sensitive)
26 – Characters from “A” to
“Z”, it allows the simplest and easiest to remember passwords.
36 - Characters from “A” to
“Z” plus “0” to “9”, one step further if numbers are really used in each
password and anywhere inside it not only at the end of it.
38 - Characters from “A” to
“Z” plus “0” to “9” plus “_” and “!”, one step further, this might be the most
common set of characters used in the real world.
95 - All ASCII characters
from 32 to 126, much better than the ones above, quite complex passwords, not
so easy to remember but all characters can be typed using the keyboard with no
“special” keys involved.
223 - All ASCII characters
from 32 to 255, this is the hardest to crack and so it should be the option for
a SA password, it might require COPY/PASTE the password or using the ALT key
and it should be very hard to memorize.
A password with 5 characters
and containing only characters from “A” to “Z” (passwords are not case
sensitive) would have sizePWD=5 and sizeUniverse=26
This is a very weak password:
exec dbo.PWDAnalysis 5,26
RandomPWD
This will generate a random
password using all ASCII characters above 32 (inclusive).
RandomPWD has 1 input
parameter: size and 1 output parameter: password.
Example:
declare @c varchar(10)
exec RandomPWD 10,
@password=@c output
PRINT @c
RandomPWDkbd
This will generate a random
password using all ASCII characters from 32 (inclusive) to 126(inclusive).
RandomPWDkbd has 1 input
parameter: size and 1 output parameter: password.
Example:
declare @c varchar(10)
exec RandomPWDkbd 10,
@password=@c output
PRINT @c
Stored Procedures and Functions:
FindSA - brute force attack for finding the SA password.
FindSADic - Dictionary attack for finding passwords.
PWDAnalysis – Analysis of password security.
RandomPWD – creates a random password with characters from
ASCII 32 to 255 (all possible characters but some require using ALT to display
them)
RandomPWDkbd – creates a random password with characters from
ASCII 32 to 126 (all of them accessible directly through the keyboard)
Possibilities – returns how many different passwords are possible
with 1 up to c characters from a universe of n different characters
DateFromSeconds – returns how many years, months, days, hours,
minutes and seconds correspond to a certain number of seconds.
Code
Acknowledgments
original idea:
David Litchfield
david@ngssoftware.com
Next Generation Security
Software Ltd ©
http://www.nextgenss.com/
Thank you David, for sharing
your report and allowing me to use it for my educational test code.
Highly recomended reading:
http://www.nextgenss.com/papers/cracking-sql-passwords.pdf
original idea and code:
Chris Anley
chris@ngssoftware.com
Next Generation Security
Software Ltd ©
http://www.nextgenss.com/
Thank you Chris, for sharing
your report and allowing me to use it for my educational test code.
Highly recomended reading:
http://www.nextgenss.com/papers/advanced_sql_injection.pdf
Where to find word lists:
University of Oxford
ftp://ftp.ox.ac.uk/pub/wordlists
The wordlist project
http://wordlists.security-on.net/download.html
Kevin's Word Lists Page
http://wordlist.sourceforge.net/
SQLServerCentral.com, my
employer and myself are not responsible for the use of this code. This code is
provided as is and for educational purposes only.
Developed, adapted or
translated to TSQL by Joseph Gama.
