This site uses advanced css techniques
We were recently faced with getting into a Sybase database where we had fully authorized Administrator access to the NT system, but everybody who knew the "sa" password was long gone. We positively needed the data, so we found a way in, and we're recording this here so we don't forget how we did this. We also hope to save others some time -- we spent the better part of a day fooling with this, and it could have all been much easier had we known.
The machine in question ran NT Server 4.0 with SP4, and Sybase version 11, but we suspect that this approach would work for newer versions too. We'd also not be surprised if this worked for Microsoft SQL server as well.
Like Microsoft's SQL server, Sybase permits three modes of authentication:
In "Integrated" security mode, there is further a method of translating otherwise unknown authentication attempts into a specific database user. Not all NT users necessarily map to a valid Sybase user, so the "DefaultLogon" is used to map unrecognized NT users into a single Sybase user. This could be used to provide a kind of generic "guest" access, and we believe that this is disabled by default.
We went into the registry under:
HKEY_LOCAL_MACHINE\SOFTWARE\SYBASE\Server\server_name
where "server_name" is the name of the database server in question. A machine can run more than one database, and each is administered separately (they even have different NT services to manage).
Under this key, we set LoginMode to "1" and DefaultLogin to "sa" and restarted the associated NT service. From here we ran the Sybase SQL Central and connected while running as an otherwise unknown NT user. This was mapped to the "sa" account, and now we're an administrator of the databse.
We added a "real" Sybase user with proper SA access, and we were careful to pick a good password: Sybase will allow anybody to use it. We then unwound our changes to the registry and restarted the Sybase service to put things back as we found them. With our new SA user we were able to extract our data.
Standard "Please behave yourself" plaintives apply.