Tried, Tested and Proven

network


JohnTheRipper magnum-jumbo now has support for MySQL authentication hashes. These are different from the normal MySQL password hashes you’d find in the information_schema database, and they’re only used as part of the authentication protocol.

If you go into Wireshark and look at some MySQL traffic for versions >=4.1, you’ll see a “Server Greeting” packet which contains a random salt value. Wireshark nicely dissects this for you. Look for the “LoginRequest” packet, and find the password field – this is a hash based on the real password and the salt. Continue reading