NGS SQLCrack - NCC Group

frightenedfroggery | Data Management

Dec 16, 2012



Microsoft SQL Server, Oracle, MySQL, PostgreSQL and Sybase ASE are relational database
management systems that form the integral core of data storage and access environments for many
corporations. In a business environment that demands performance, scalability and
reliability, these RDBMSs deliver. With sophisticated RDBMSs comes a range of vulnerabilities
and risk factors, which can lead to a decrease in productivity, lost revenues, and stolen data.

NGS SQLCrack is an innovative password-cracking utility for these RDBMSs that can assist enterprises in securing their
storage and access infrastructures.
It allows system administrators to quickly scan systems for weak passwords that are susceptible to brute force attacks,
and guard against them.
Weak passwords are acknowledged as being a significant threat to enterprise-level security; however, they are easy to
guard against. Password auditing is a proven technique for minimising risk exposure and identifying user accounts with
weak passwords.
NGS SQLCrack can now integrate directly with NGS SQuirreL for Oracle, SQL Server, MySQL and Sybase ASE. Clients
who purchase these versions of NGS SQuirreL get a free copy of NGS SQLCrack!

Product Overview

NGS SQLCrack forms part of the NCC Group’s suite of Intelligent Next Generation Security Assessment tools. The
application has been specifically developed to enable administrators to quickly and easily discover insecure database
infrastructure passwords, and can be deployed in a variety of audit situations.

These RDBMSs do not store passwords internally; they store hashes of passwords. These hashes are the result of
applying a one-way function (SHA, the Secure Hash Algorithm) to the text of the password combined with a salt or
random value.

NGS SQLCrack has now been extended to support MySQL and PostgreSQL password hashes. Passwords
from these databases can now also be audited by importing the hashes into SQLCrack.

The hash of the upper-case version of the password is stored along with the hash of the mixed-case version, and the salt
is stored along with these 2 hashes. All of this can be easily guessed by observing the hash values for different

NGS SQLCrack conducts a variety of attacks against supported RDBMS password hashes to discover insecure

There are two aspects to the auditing process within NGS SQLCrack. These are:

1. Dictionary attack - using a 200,000 word dictionary (with the capability of adding custom dictionaries).
2. Brute Force attack - using various character combinations (including support for prefixes and
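
The storage scheme and dictionary audit described above, as an added example that is not NGS SQLCrack code. It assumes SHA-1 over the UTF-16LE password followed by the salt; the record layout, logins, salts, passwords and wordlist are constructed for illustration.

```python
import hashlib

RATE = 800_000  # brute-force attempts per second quoted on this page

def salted_sha1(password: str, salt: bytes) -> bytes:
    # Assumption: SHA-1 over the UTF-16LE password followed by the salt.
    return hashlib.sha1(password.encode("utf-16-le") + salt).digest()

def make_record(password: str, salt: bytes) -> dict:
    """Constructed record: salt, mixed-case hash and upper-case hash."""
    return {"salt": salt,
            "mixed": salted_sha1(password, salt),
            "upper": salted_sha1(password.upper(), salt)}

def audit(accounts: dict, wordlist: list) -> dict:
    """Return {login: finding} for accounts whose password is a wordlist entry.

    One upper-cased candidate per word covers every capitalisation,
    which is why storing the upper-case hash weakens the scheme.
    """
    findings = {}
    for login, rec in accounts.items():
        for word in wordlist:
            if salted_sha1(word.upper(), rec["salt"]) != rec["upper"]:
                continue
            exact = salted_sha1(word, rec["salt"]) == rec["mixed"]
            findings[login] = ("exact wordlist match" if exact
                               else "wordlist word, different capitalisation")
            break
    return findings

def worst_case_hours(length: int, alphabet: int, rate: int = RATE) -> float:
    """Hours needed to try every password of exactly `length` characters."""
    return alphabet ** length / rate / 3600

# Constructed sample data (not taken from any real system).
ACCOUNTS = {
    "sa": make_record("Summer2012", bytes.fromhex("1a2b3c4d")),
    "app_rw": make_record("letmein", bytes.fromhex("99aabbcc")),
    "etl": make_record("t7#Kq!vR2mZx", bytes.fromhex("0badf00d")),
}
WORDLIST = ["password", "letmein", "summer2012", "qwerty"]

if __name__ == "__main__":
    for login, finding in audit(ACCOUNTS, WORDLIST).items():
        print(f"{login}: {finding}")
    # 8 characters, letters+digits: case-sensitive (62) vs upper-case only (36)
    print(round(worst_case_hours(8, 62)), round(worst_case_hours(8, 36)))
```

Accounts flagged here should have their passwords rotated; the keyspace comparison shows how much less work a case-insensitive hash leaves for a brute-force pass at the quoted rate.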

Features and Benefits

NGS SQLCrack has a number of key benefits, including:

Flexible Reporting

Because performing a thorough password audit can sometimes be a demanding process, NGS SQLCrack allows users
to temporarily terminate an audit at any stage. A password crack file can be saved at any point during the audit process,
and the audit can then be restarted on a more convenient occasion.



NGS SQLCrack is one of the fastest password auditing tools currently available for the supported RDBMSs. On a 1.8
GHz Dual Core system with 1 GB RAM, NGS SQLCrack can perform a 200,000 word dictionary sweep in around a
second (on a single password hash) and over 800,000 attempts a second whilst in brute force mode.

Ease of Use and Accessibility

NGS SQLCrack is an intuitive and easily deployed application. Detailed documentation and the point-and-click
functionality of the product allow even inexperienced administrators to quickly enumerate weak passwords. For more
advanced users, NGS SQLCrack also has a wide range of customisable options.

Other Features and Benefits

• Familiar GUI based tool.
• Only database admin and local system admin can access password hashes.
• Password hashes can be retrieved directly from the supported database infrastructures.
• Password hashes can be pasted from Query Analyzer as well as manually added.
• Passwords can be hidden upon users’ request.
• There is now a password strength meter to show the strength of passwords in use.
• The solution is cost effective, requiring minimal time and labour to use.
• Contains multiple phases each with built-in presets.
• Allow user to change number of threads allocated to cracking and scheduling.
• Optimisation of scheduling path lengths.
• Optimisation of hashing algorithms.
• Correctly count "Passwords Tried" to include reversed passwords.
• Correct SQL for retrieving hashes from instances named "MSSQLServer".
• Improve behaviour on close-down - Warn user if hashes have not been saved.
• Prevent deadlock when writing to main page.
• Added support for Team Names, including Japanese Team Names.
• Available customisation options now include: Common names, Keyboard patterns and CVC patterns.
• Phase variations can be increased by using Prefixes, Suffixes, Substitutions and Separators.

Supported RDBMS versions:

MS SQL Server 7/2000/2005/2008, Oracle 8i/9i/10g/11g, Sybase ASE 15.0.2, MySQL 4.1, 5.0, 5.1 & 5.5

PostgreSQL – All Versions


System Requirements

NGS SQLCrack – Standalone Scanning System – The optimum specifications for a machine to run the
application and scan multiple database instances of the required type:
• Server or client architecture system
• CPU: 1 x Dual Core i3/i5 or Quad Core i7 or Core 2 Duo Processor @ 3.0 GHz
• Memory: 4-8 GB dual channel DDR2 or 6-9 GB tri channel DDR3 RAM
• Hard Drive: SATA or SAS 7.5/10k RPM 250GB+
• Network: 100MB/1GB Ethernet
• Software: Windows XP or Windows 7 / Windows Server 2003/2008
• Other Software:
  - Suitable Oracle, SQL Server or Sybase database servers to scan
  - An up to date Internet browser
  - Note: A minimum of the Sybase ASE or Oracle client components is required in order to run NGS
    SQLCrack against Sybase ASE or Oracle databases
• Available for Sybase ASE from:

• Available for Oracle from: