This is just a note. This is a known old problem. If a password hash of MySQL user is hashed with OLD_PASSWORD() function or is imported from very old version, the hash is equivalent to password. You do not need to crack a hash to login to MySQL.
Here is my patch for libmysql_r/password.c for MySQL version 5.1.55.
--- password.c.orig 2012-01-11 21:32:02.644042061 +0700 +++ password.c 2012-01-11 21:33:30.676109909 +0700 @@ -191,6 +191,7 @@ void scramble_323(char *to, const char * char extra, *to_start=to; const char *message_end= message + SCRAMBLE_LENGTH_323; hash_password(hash_pass,password, (uint) strlen(password)); + if (strlen(password) == 16) sscanf(password, "%8lx%8lx", &hash_pass[0], &hash_pass[1]); hash_password(hash_message, message, SCRAMBLE_LENGTH_323); randominit(&rand_st,hash_pass[0] ^ hash_message[0], hash_pass[1] ^ hash_message[1]);
Here the commands to build only client.
$ ./configure --without-server $ make
Very nice post, keep it up.Best python training in Bangalore
ReplyDeleteHi.
ReplyDeleteThanks for sharing this information with us. This information was so useful to us about SQL programming thanks for sharing this information with us.
Here is sharing some Salesforce Service Cloud information that may be helpful to you.
Salesforce Service Cloud Training