MSSQL-mdf-file-dump

Dump MSSQL hashes from .mdf file

View on GitHub

MSSQL-mdf-file-dump

MSSQL store creds in a master.mdf file. If we managed to get that file, we can extract the hashes from mdf file.

Extract Hashes from mdf file

OnPaste 20220609-182026

Open Powershell in Kali VM.

OnPaste 20220609-182203

Grab Get-MDFHashes.ps1 / OrcaMDF.RawCore.dll / OrcaMDF.Framework.dll

Resource

Import the Modules

Add-Type -Path 'OrcaMDF.RawCore.dll' 
Add-Type -Path 'OrcaMDF.Framework.dll' 
import-module .\Get-MDFHashes.ps1

NOTE: If Get-MDFHashes.ps1 shows error on running run twice like i did.

OnPaste 20220609-182705

Dump THe Hashes

Get-MDFHashes -mdf "/home/kali/dump/master.mdf"

NOTE: You have to provide the full path to master.mdf file.

OnPaste 20220609-183727

These value are the hash. You will notice that hash don’t fit in our screen. To make the hash visible we have to change our resolution. In Kali.

First Get the default value.

xrandr 

xrandr -s 3840x2400

Now again dump the Hash. It’s inconventient to work like this, so grab the hash and copy to a file. Then change the resolution to default. Now try to crack the hash.

OnPaste 20220609-184608

OnPaste 20220609-184834