Posted by Bowlby in InfoSec, InfoTech, Nov 18th, 2008
Quick blurb on recovering a MySQL password. Up to version 4.1, MySQL stored user passwords as a 16 byte hash created via the PASSWORD() function. Recovering a MySQL password is a matter of retrieving the password hash from the user table of the mysql database and attempting to crack the hash. Most alphanumeric-plus-special-character passwords shorter than 9 characters can be cracked given enough time. One program that was designed as a proof of concept is available at sqlhack.com.
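An added example, not part of the original post: a shell audit that flags accounts whose stored hash is still in the old short format or is empty, so they can be moved to the longer format MySQL 4.1 introduced ('*' followed by 40 hex characters). It assumes tab-separated user, host, hash rows such as `mysql -N -B -e "SELECT User,Host,Password FROM mysql.user"` prints; the function names and the sample rows are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original post). Reads "user<TAB>host<TAB>hash"
# rows on stdin and prints every account whose hash is not in the 4.1+ format.
#   legacy  : 16 hex characters (old PASSWORD() output)
#   empty   : no password set
#   unknown : anything else (plugin accounts, damaged rows)
audit_users() {
    awk -F '\t' '
    {
        user = ($1 == "") ? "(anonymous)" : $1
        h = $3
        if (h == "")
            kind = "empty"
        else if (length(h) == 16 && h ~ /^[0-9A-Fa-f]+$/)
            kind = "legacy"
        else if (length(h) == 41 && substr(h, 1, 1) == "*" &&
                 substr(h, 2) ~ /^[0-9A-Fa-f]+$/)
            kind = "sha1"
        else
            kind = "unknown"
        # Only accounts that need attention are reported.
        if (kind != "sha1")
            printf "%s@%s %s\n", user, $2, kind
    }'
}

# Constructed sample rows; the hash values are placeholders, not real hashes.
sample_rows() {
    printf 'root\tlocalhost\t*0123456789ABCDEF0123456789ABCDEF01234567\n'
    printf 'backup\tlocalhost\t0123456789abcdef\n'
    printf 'app\t%%\t\n'
    printf '\tlocalhost\t\n'
}

sample_rows | audit_users
```

Accounts reported as legacy should have their passwords reset so the hash is regenerated in the longer format, and empty or anonymous accounts should be removed or given a password.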
Stop the MySQL server: /etc/init.d/mysqld stop or killall mysqld
Start MySQL without the privilege system: mysqld_safe --skip-grant-tables &
Log in as...