Ok, here is a slightly improved version of the script above, with a CASE expression that can validate password guesses, which should make things much clearer.
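-- Setup: point a throwaway SQL login at a known password so the SELECT below
-- has a row whose stored hash can be compared against @pwd.
--If you need a test user, use this:
--CREATE LOGIN test_SQLPWHashTest_imEdHJyM WITH PASSWORD = '1#i5?^@v0uz1nzE\U^E}q6Gb):u#}0z~[cqW+d\CX!q:Uv1%/182)jV='

-- @pwd is both the password assigned to the test login and the guess that the
-- SELECT below hashes and compares with the stored value.
DECLARE @pwd VARCHAR(128)
DECLARE @sql NVARCHAR(4000)
SET @pwd = 'gMNaH,;b%1hOc#e$wf&A=AftZ+EPk0fqFx17B.15XK9-ZL;W{(BiVO'

-- ALTER LOGIN takes the password as a literal, not a variable, so the statement
-- is assembled as text. Embedded single quotes are doubled first: without that,
-- a password containing ' ends the literal early and the remainder of @pwd is
-- parsed as SQL.
SET @sql = 'ALTER LOGIN test_SQLPWHashTest_imEdHJyM WITH PASSWORD = ''' + REPLACE(@pwd, '''', '''''') + ''''
EXEC(@sql)

-- Alternate, longer test value; uncomment to make @pwd differ from the
-- password set above and exercise the 'NotGuessed' branch.
--SET @pwd = '!YA/b.(r7TALA9;o)7wm77fI#,qq,I6tjp)E}fs5l=+A:C[G#UkRPx/oERjjmP|fdxcrclh5gQ@P2*gg6jH^vOv3[e-&Z~Fng(Aror15/n#(=#[b}UK+Otb*)axaw2wU'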
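-- Breaks the stored password value of matching SQL logins into salt and hash,
-- and checks whether @pwd reproduces the stored hash.
--
-- Offsets below are counted in characters of 2 bytes each (2 characters are cast
-- to BINARY(4)): character 1 is the header, characters 2-3 the 4-byte salt, and
-- the tail is the hash (10 characters = 20 bytes SHA-1, 32 characters = 64 bytes
-- SHA-512).
--
-- The CASE match works because the stored value is one HASHBYTES pass over
-- (UTF-16 password bytes + salt). Anyone who can read these columns can test
-- guesses the same way, so the hash output needs the same access control as the
-- passwords themselves. For routine weak-password audits, PWDCOMPARE() against
-- sys.sql_logins.password_hash gives the same yes/no answer without exporting
-- hash material.
--
-- NOTE(review): sys.syslogins is a compatibility view; confirm it still exposes
-- the password column on the target version before relying on this.
SELECT sl.name
    , sp.type
    , sl.sysadmin
    -- Guess check: hash @pwd with this row's salt and compare with the stored
    -- hash, trying the SHA-1 layout first and then the SHA-512 layout.
    , CASE
        WHEN HASHBYTES('SHA1', CONVERT(VARBINARY(256),CONVERT(NVARCHAR(128),@pwd)) + CAST(RIGHT(LEFT(sl.password,3),2) AS BINARY(4))) = CAST(RIGHT(sl.password,10) AS BINARY(20)) THEN 'SQL2005Guessed'
        WHEN HASHBYTES('SHA2_512', CONVERT(VARBINARY(256),CONVERT(NVARCHAR(128),@pwd)) + CAST(RIGHT(LEFT(sl.password,3),2) AS BINARY(4))) = CAST(RIGHT(sl.password,32) AS BINARY(64)) THEN 'SQL2012Guessed'
        ELSE 'NotGuessed'
      END AS PasswordGuessResult
    -- Whole stored value (header + salt + hash), obtained two ways.
    , CAST(sl.password AS VARBINARY(384)) AS EntireSaltAndPasswordHash_HashcatFormat
    , LOGINPROPERTY(sl.name,'PasswordHash') AS EntireSaltAndPasswordHashAnotherWay
    -- Salt located from the tail (per layout) and from the head; for a value in
    -- the matching layout the tail-based and head-based results should agree.
    , CAST(LEFT(RIGHT(sl.password,12),2) AS BINARY(4)) AS Salt2005
    , CAST(LEFT(RIGHT(sl.password,34),2) AS BINARY(4)) AS Salt2012
    , CAST(RIGHT(LEFT(sl.password,3),2) AS BINARY(4)) AS Salt
    -- fn_varbintohexstr prefixes '0x'; RIGHT(..., n) drops it and keeps n hex digits.
    , UPPER(RIGHT(sys.fn_varbintohexstr(CAST(RIGHT(LEFT(sl.password,3),2) AS BINARY(4))),8)) AS SaltPure
    -- Hash portion only, as binary and as bare upper-case hex.
    , CAST(RIGHT(sl.password,10) AS BINARY(20)) AS PasswordHash2005
    , CAST(RIGHT(sl.password,32) AS BINARY(64)) AS PasswordHash2012
    , UPPER(RIGHT(sys.fn_varbintohexstr(CAST(RIGHT(sl.password,10) AS BINARY(20))),40)) AS SQL2005_HashPure
    , UPPER(RIGHT(sys.fn_varbintohexstr(CAST(RIGHT(sl.password,32) AS BINARY(64))),128)) AS SQL2012_HashPure
    -- 'hash:salt' hex strings in the export layout named by the column aliases.
    , UPPER(RIGHT(sys.fn_varbintohexstr(CAST(RIGHT(sl.password,10) AS BINARY(20))),40)) + ':' + UPPER(RIGHT(sys.fn_varbintohexstr(CAST(LEFT(RIGHT(sl.password,12),2) AS VARBINARY(32))),8)) AS SQL2005_2008R2_OCLHashCatLiteFormat
    -- NOTE(review): 64 characters is longer than header + salt + 64-byte hash
    -- (35 characters), so RIGHT(sl.password,64) appears to return the whole value
    -- and the outer RIGHT(...,128) / RIGHT(...,8) do the trimming - confirm
    -- before changing any offset here.
    , UPPER(RIGHT(sys.fn_varbintohexstr(CAST(RIGHT(sl.password,64) AS VARBINARY(70))),128)) + ':' + UPPER(RIGHT(sys.fn_varbintohexstr(CAST(LEFT(RIGHT(sl.password,64),3) AS VARBINARY(70))),8)) AS SQL2012_OCLHashCatLiteFormat
    -- The recomputed hashes used by the CASE above, shown for side-by-side
    -- comparison with PasswordHash2005 / PasswordHash2012.
    , HASHBYTES('SHA1', CONVERT(VARBINARY(256),CONVERT(NVARCHAR(128),@pwd)) + CAST(RIGHT(LEFT(sl.password,3),2) AS BINARY(4))) AS HashBytesReconstructionOfPasswordHashFromAGivenPassword2005
    , HASHBYTES('SHA2_512', CONVERT(VARBINARY(256),CONVERT(NVARCHAR(128),@pwd)) + CAST(RIGHT(LEFT(sl.password,3),2) AS BINARY(4))) AS HashBytesReconstructionOfPasswordHashFromAGivenPassword2012
FROM sys.syslogins sl
LEFT OUTER JOIN sys.server_principals sp
    ON sp.sid = sl.sid
-- Only logins that have a stored password value.
WHERE sl.password IS NOT NULL
    -- Restricts output to logins with 'test' in the name, which keeps the hashes
    -- of other logins out of the result set; keep this filter as narrow as the
    -- exercise allows.
    AND sl.name LIKE '%test%'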
--If you created a test user, use this:
--DROP LOGIN test_SQLPWHashTest_imEdHJyM