Apologies if this isn't a good place for the question... Close if necessary.
In my organization I frequently need to crack passwords on Quickbooks QBW files. It is simple enough to strip the passwords from the files with other tools, but this isn't ideal for us for a few reasons. Some weaker passwords can be cracked with other tools, but I'd prefer to attack the raw hash if feasible for the more difficult passwords.
Through some research and testing I've been able to determine that the QBW files use a SQLAnywhere structure for the security and passwords are stored using SHA1 salted with the user name. The problem I'm finding is that all of this data looks to be encoded in such a way as to hide the 'plain text' hash and user name - a search of the raw file content (in Hexedit, big and/or little endian, unicode, etc) doesn't 'hit' on a known user name, hash, or known transactional item. I've tried accessing directly through SQLAW but can't establish a connection to the database (I'm assuming due to the encoding.) I haven't yet tried the quickbooks SDK and don't really want to go there if I don't have to.
So the fundamental question is whether anyone here knows the method that Intuit uses to encode the content of the file, and/or how to locate/view/access the Security table(s) so I can access the raw hashes.
Thanks for any thoughts.
-a guy name Lou
(Edit: Brain cramp - typed MySQL, is actually SQLAnywhere)
In my organization I frequently need to crack passwords on Quickbooks QBW files. It is simple enough to strip the passwords from the files with other tools, but this isn't ideal for us for a few reasons. Some weaker passwords can be cracked with other tools, but I'd prefer to attack the raw hash if feasible for the more difficult passwords.
Through some research and testing I've been able to determine that the QBW files use a SQLAnywhere structure for the security and passwords are stored using SHA1 salted with the user name. The problem I'm finding is that all of this data looks to be encoded in such a way as to hide the 'plain text' hash and user name - a search of the raw file content (in Hexedit, big and/or little endian, unicode, etc) doesn't 'hit' on a known user name, hash, or known transactional item. I've tried accessing directly through SQLAW but can't establish a connection to the database (I'm assuming due to the encoding.) I haven't yet tried the quickbooks SDK and don't really want to go there if I don't have to.
So the fundamental question is whether anyone here knows the method that Intuit uses to encode the content of the file, and/or how to locate/view/access the Security table(s) so I can access the raw hashes.
Thanks for any thoughts.
-a guy name Lou
(Edit: Brain cramp - typed MySQL, is actually SQLAnywhere)