03-23-2023, 11:21 PM
Hello team,
I'm trying to audit Sybase SQL Anywhere v17 (ASA) hashes. I saw that the Sybase Adaptive Server Enterprise (ASE) is already supported by hashcat.
The hashes look quite similiar so I'm wondering if there's just a shorter salt or some other modulation being used.
Sybase ASE:
Password: hashcat
Hash: 0xc00778168388631428230545ed2c976790af96768afa0806fe6c0da3b28f3e132137eac56f9bad027ea2
Regarding the module_08000.c:
Signature: 0xc007
Salt: 1808773188715731 (16 hex salt)
Hash: b69bd4e310b4129913aaf657356c5bdf3c46f249ed42477b5c74af6eaac4d15a (64 hex -> SHA256)
I created some test user/password combos for the ASA server.
Sybase ASA:
Password: hashcat
Hash: 0x01590438b6317cce37a677141a9605934aaf77818c5f6601c3a094ca3df9d8680d687af859
I found a password recovery tool for the ASA server at:
hxxps://www.thegrideon.com/sql-anywhere-forensics.html
The tool has a hash export function and some limited trial functions:
Database hash:
0x01590438b6317cce37a677141a9605934aaf77818c5f6601c3a094ca3df9d8680d687af859
Hash export with the tool:
590438B6317CCE37A677141A9605934AAF77818C5F6601C3A094CA3DF9D8680D687AF859
My idea was that with the ASE version they maybe just increased the salt length leaving us on the ASA side with:
Signature: 0x01
Salt: 590438B6 (8 hex salt instead of 16 hex salt)
Hash: 317CCE37A677141A9605934AAF77818C5F6601C3A094CA3DF9D8680D687AF859 (64 hex -> SHA256?)
I had no luck with my tests so far. So I'll greatly appreciate any kind of help/ideas.
Thanks in advance,
Jiivas
I'm trying to audit Sybase SQL Anywhere v17 (ASA) hashes. I saw that the Sybase Adaptive Server Enterprise (ASE) is already supported by hashcat.
The hashes look quite similiar so I'm wondering if there's just a shorter salt or some other modulation being used.
Sybase ASE:
Password: hashcat
Hash: 0xc00778168388631428230545ed2c976790af96768afa0806fe6c0da3b28f3e132137eac56f9bad027ea2
Regarding the module_08000.c:
Signature: 0xc007
Salt: 1808773188715731 (16 hex salt)
Hash: b69bd4e310b4129913aaf657356c5bdf3c46f249ed42477b5c74af6eaac4d15a (64 hex -> SHA256)
I created some test user/password combos for the ASA server.
Sybase ASA:
Password: hashcat
Hash: 0x01590438b6317cce37a677141a9605934aaf77818c5f6601c3a094ca3df9d8680d687af859
I found a password recovery tool for the ASA server at:
hxxps://www.thegrideon.com/sql-anywhere-forensics.html
The tool has a hash export function and some limited trial functions:
Database hash:
0x01590438b6317cce37a677141a9605934aaf77818c5f6601c3a094ca3df9d8680d687af859
Hash export with the tool:
590438B6317CCE37A677141A9605934AAF77818C5F6601C3A094CA3DF9D8680D687AF859
My idea was that with the ASE version they maybe just increased the salt length leaving us on the ASA side with:
Signature: 0x01
Salt: 590438B6 (8 hex salt instead of 16 hex salt)
Hash: 317CCE37A677141A9605934AAF77818C5F6601C3A094CA3DF9D8680D687AF859 (64 hex -> SHA256?)
I had no luck with my tests so far. So I'll greatly appreciate any kind of help/ideas.
Thanks in advance,
Jiivas