Disclosure and limits
Disclosure and limits of this Proof-of-concept
you'd better read it before using the Proof of concept
Read secure mysql against password crack
 
crack a MySQL pass in 1 minute
Proof-of-concept of the MySQL Password crack by Philippe Vigier / iAPX
Available after the delay MySQL AB asked for.
 
John-the-ripper vs. MyHack
Compare John-the-ripper versus my own hack
strengths and weaknesses of each one,
and cracking mysql password benchmark...
 
Read my LAMPHACK Blog
Read about Linux, Apache, MySQL, PHP & friends
Naturally I also use Percona, MongoDB, Varnish or NGINX, and develop code under Drupal 7, Symfony 2 & others
 
   
Cracking old MySQL Passwords
MySQL have 2 differents password storage scheme, the old-password scheme, that I crack, and the MySQL 4.1+ new scheme (a double SHA-1 that seems really robut at first sight).
Albeit it's 5 years since new scheme has been launched, almost each and every web installation of MySQL seems to use to old-scheme, at least for some passwords.

My crack is based on Chess-game concepts, and especially chessmate-search algorithm.
Seems weird, but it actually work well using a mix of brute-force, search-extension, position analysis, no-ply evaluation, ...read the details

My goal was to obtain a 8 or 9 MySQL password from it's fingerprint (stored in the user table of mysql database) within a day.
Actually, you need a quad-core for it. (such as an Apple MacPro)

Please read the disclosure page before cracking any pass. Thanks.
 
CC page under Creative Common Licence