You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
It just chops the password off without any warning to the user. I've not yet tried recompiling the code with a higher limit (maybe there are other protocol reasons for this limit?) but that might be worth trying for anyone who needs to explore brute forcing characters longer than 30 characters on MSSQL.
The text was updated successfully, but these errors were encountered:
Thank you for the feedback. Can you clarify what you meant though, did Hydra ever have a max password length of 30? Or are you suspecting maybe early versions of MSSQL had such a password limit?
it could be that the limit was in early versions of the mssql database. or still is. I dont know.
I don't think there is a length limit for passwords in hydra itself. the modules can restrict the lengths themselves though like the mssql one.
The MSSQL module has an undocumented and silent username and password limit of 30 characters.
See here: https://github.com/vanhauser-thc/thc-hydra/blob/master/hydra-mssql.c#L68-L71
It just chops the password off without any warning to the user. I've not yet tried recompiling the code with a higher limit (maybe there are other protocol reasons for this limit?) but that might be worth trying for anyone who needs to explore brute forcing characters longer than 30 characters on MSSQL.
The text was updated successfully, but these errors were encountered: