Sybase SQL Anywhere - Help
#1
Hello team,

I'm trying to audit Sybase SQL Anywhere v17 (ASA) hashes. I saw that the Sybase Adaptive Server Enterprise (ASE) is already supported by hashcat.
The hashes look quite similiar so I'm wondering if there's just a shorter salt or some other modulation being used.

Sybase ASE:
Password: hashcat
Hash: 0xc00778168388631428230545ed2c976790af96768afa0806fe6c0da3b28f3e132137eac56f9bad027ea2

Regarding the module_08000.c:
Signature: 0xc007
Salt: 1808773188715731 (16 hex salt)
Hash: b69bd4e310b4129913aaf657356c5bdf3c46f249ed42477b5c74af6eaac4d15a (64 hex -> SHA256)

I created some test user/password combos for the ASA server.

Sybase ASA:
Password: hashcat
Hash: 0x01590438b6317cce37a677141a9605934aaf77818c5f6601c3a094ca3df9d8680d687af859

I found a password recovery tool for the ASA server at:
hxxps://www.thegrideon.com/sql-anywhere-forensics.html

The tool has a hash export function and some limited trial functions:
Database hash:
0x01590438b6317cce37a677141a9605934aaf77818c5f6601c3a094ca3df9d8680d687af859

Hash export with the tool:
590438B6317CCE37A677141A9605934AAF77818C5F6601C3A094CA3DF9D8680D687AF859

My idea was that with the ASE version they maybe just increased the salt length leaving us on the ASA side with:
Signature: 0x01
Salt: 590438B6 (8 hex salt instead of 16 hex salt)
Hash: 317CCE37A677141A9605934AAF77818C5F6601C3A094CA3DF9D8680D687AF859 (64 hex -> SHA256?)

I had no luck with my tests so far. So I'll greatly appreciate any kind of help/ideas.

Thanks in advance,
Jiivas
Reply