SQL Server 2000:-

SELECT password from master.dbo.sysxlogins where name=’sa’

0×010034767D5C0CFA5FDCA28C4A56085E65E882E71CB0ED250341

2FD54D6119FFF04129A1D72E7C3194F7284A7F3A

0×0100- constant header

34767D5C- salt

0CFA5FDCA28C4A56085E65E882E71CB0ED250341- case senstive hash

2FD54D6119FFF04129A1D72E7C3194F7284A7F3A- upper case hash

crack the upper case hash in ‘cain and abel’ and then work the case sentive hash

SQL server 2005:-

SELECT password_hash FROM sys.sql_logins where name=’sa’

0×0100993BF2315F36CC441485B35C4D84687DC02C78B0E680411F

0×0100- constant header

993BF231-salt

5F36CC441485B35C4D84687DC02C78B0E680411F- case sensitive hash

crack case sensitive hash in cain, try brute force and dictionary based attacks.

update:-

following bernardo’s comments:-

use function fn_varbintohexstr() to cast password in a hex string.

e.g. select name from sysxlogins union all select master.dbo.fn_varbintohexstr(password)from sysxlogins

MYSQL:-

In MySQL you can generate hashes internally using the password(), md5(), or sha1 functions. password() is the function used for MySQL’s own user authentication system. It returns a 16-byte string for MySQL versions prior to 4.1, and a 41-byte string (based on a double SHA-1 hash) for versions 4.1 and up. md5() is available from MySQL version 3.23.2 and sha1() was added later in 4.0.2.

*mysql < 4.1

*mysql >=4.1

mysql> SELECT PASSWORD(‘mypass’);

+&

摘自：http://hi.baidu.com/xi4o7e?page=1