How safe are your passwords?
Try this set of tools:
- FindSA and FindSADic are password crackers.
- PWDAnalysis will give an estimate of how easy it is to crack a password.
- RandomPWD will generate a random password using all ASCII characters from 32 upwards; some of them require using ALT to type them.
- RandomPWDkbd will generate a random password using all ASCII characters from 32 to 126, all of which can be typed directly on the keyboard.
- Possibilities returns how many different passwords are possible with 1 up to c characters from a universe of n different characters.
FindSA
This is a brute force attack trying to find the SA password.
FindSA has 1 parameter: size.
Size is the maximum length of the passwords to be tested.
Example:
(assuming SA password was “AS”)
EXEC dbo.FindSA 2
FindSADic
This is a dictionary attack trying to find any password.
FindSADic has 1 parameter: file.
File is the full path+file name to be used as the dictionary for the attack.
Example:
(assuming SA password was “AS” and the file was “C:\wordlist.txt”)
EXEC dbo.FindSADic 'C:\wordlist.txt'
PWDAnalysis
PWDAnalysis has 2 parameters: sizePWD and sizeUniverse.
The length of the password is sizePWD and the number of the possible characters to be used (universe) is sizeUniverse.
Most common values for sizeUniverse and why they are chosen:
(passwords are NOT case sensitive)
26 - Characters from “A” to “Z”; it allows the simplest and easiest to remember passwords.
36 - Characters from “A” to “Z” plus “0” to “9”; one step further, if numbers are really used in every password and anywhere inside it, not only at the end.
38 - Characters from “A” to “Z” plus “0” to “9” plus “_” and “!”; one step further, and this might be the most common set of characters used in the real world.
95 - All ASCII characters from 32 to 126; much better than the ones above, giving quite complex passwords that are not so easy to remember, but all characters can be typed on the keyboard with no “special” keys involved.
223 - All ASCII characters from 32 to 255; this is the hardest to crack and so it should be the option for the SA password. It might require copy/paste of the password or use of the ALT key, and it would be very hard to memorize.
A password with 5 characters containing only characters from “A” to “Z” (passwords are not case sensitive) would have sizePWD=5 and sizeUniverse=26.
This is a very weak password:
exec dbo.PWDAnalysis 5,26
RandomPWD
This will generate a random password using all ASCII characters from 32 (inclusive) to 255.
RandomPWD has 1 input parameter: size, and 1 output parameter: password.
Example:
declare @c varchar(10)
exec RandomPWD 10, @password=@c output
PRINT @c
RandomPWDkbd
This will generate a random password using all ASCII characters from 32 (inclusive) to 126 (inclusive).
RandomPWDkbd has 1 input parameter: size, and 1 output parameter: password.
Example:
declare @c varchar(10)
exec RandomPWDkbd 10, @password=@c output
PRINT @c
Stored Procedures and Functions:
FindSA - brute force attack for finding the SA password.
FindSADic - dictionary attack for finding passwords.
PWDAnalysis - analysis of password security.
RandomPWD - creates a random password with characters from ASCII 32 to 255 (all possible characters, but some require using ALT to type them).
RandomPWDkbd - creates a random password with characters from ASCII 32 to 126 (all of them accessible directly through the keyboard).
Possibilities - returns how many different passwords are possible with 1 up to c characters from a universe of n different characters.
DateFromSeconds - returns how many years, months, days, hours, minutes and seconds correspond to a certain number of seconds.
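The arithmetic behind PWDAnalysis and Possibilities (all passwords of 1 up to c characters from a universe of n characters, i.e. n + n^2 + ... + n^c) worked through as an added example; this is not part of the original toolset. The function name dbo.PossibilitiesExample and the guess rate of one million per second are assumptions.

```sql
-- Added example, not the original toolset's code: a scalar function with the
-- same contract as dbo.Possibilities (1 up to @c characters from a universe
-- of @n characters), i.e. n + n^2 + ... + n^c, followed by a crack-time estimate.
-- DECIMAL(38,0) is used because 223^9 already exceeds BIGINT.
CREATE FUNCTION dbo.PossibilitiesExample (@c INT, @n INT)
RETURNS DECIMAL(38,0)
AS
BEGIN
    DECLARE @total DECIMAL(38,0);
    DECLARE @term  DECIMAL(38,0);
    DECLARE @k INT;
    SET @total = 0;
    SET @term  = 1;
    SET @k = 1;
    WHILE @k <= @c
    BEGIN
        SET @term  = @term * @n;        -- n^k
        SET @total = @total + @term;    -- running sum over lengths 1..k
        SET @k = @k + 1;
    END;
    RETURN @total;
END;
GO

-- The weak example from the text: sizePWD=5, sizeUniverse=26.
SELECT dbo.PossibilitiesExample(5, 26) AS possible_passwords;

-- Worst-case search time for each universe size listed above, at a maximum
-- length of 8 and an assumed rate of 1,000,000 guesses per second (both are
-- assumptions; measure the real rate on your own hardware before relying on it).
SELECT u.sizeUniverse,
       dbo.PossibilitiesExample(8, u.sizeUniverse) AS possible_passwords,
       CAST(dbo.PossibilitiesExample(8, u.sizeUniverse) AS FLOAT)
           / 1000000 / 86400 AS days_worst_case
FROM (VALUES (26), (36), (38), (95), (223)) AS u(sizeUniverse)
ORDER BY u.sizeUniverse;
```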
Code
Acknowledgments
original idea:
David Litchfield
david@ngssoftware.com
Next Generation Security Software Ltd ©
http://www.nextgenss.com/
Thank you David, for sharing your report and allowing me to use it for my educational test code.
Highly recommended reading:
http://www.nextgenss.com/papers/cracking-sql-passwords.pdf
original idea and code:
Chris Anley
chris@ngssoftware.com
Next Generation Security Software Ltd ©
http://www.nextgenss.com/
Thank you Chris, for sharing your report and allowing me to use it for my educational test code.
Highly recommended reading:
http://www.nextgenss.com/papers/advanced_sql_injection.pdf
Where to find word lists:
University of Oxford
ftp://ftp.ox.ac.uk/pub/wordlists
The wordlist project
http://wordlists.security-on.net/download.html
Kevin's Word Lists Page
http://wordlist.sourceforge.net/
SQLServerCentral.com, my employer and myself are not responsible for the use of this code. This code is provided as is and for educational purposes only.
Developed, adapted or translated to TSQL by Joseph Gama.