thc-hydra
thc-hydra copied to clipboard
MSSQL module has an undocumented username and password length limit
The MSSQL module has an undocumented and silent username and password limit of 30 characters.
See here: https://github.com/vanhauser-thc/thc-hydra/blob/master/hydra-mssql.c#L68-L71
It just chops the password off without any warning to the user. I've not yet tried recompiling the code with a higher limit (maybe there are other protocol reasons for this limit?) but that might be worth trying for anyone who needs to explore brute forcing characters longer than 30 characters on MSSQL.