<a href="http://g.adspeed.net/ad.php?do=clk&zid=15220&wd=468&ht=60&pair=as" target="_blank"><img style="border:0px;" src="http://g.adspeed.net/ad.php?do=img&zid=15220&wd=468&ht=60&pair=as" alt="i" width="468" height="60"/></a>
Log in
::
Register
::
Not logged in
Home
Tags
Articles
Editorials
Stairways
Forums
Scripts
Videos
Blogs
QotD
Books
Ask SSC
SQL Jobs
Training
Authors
About us
Contact us
Newsletters
Write for us
<a href="http://g.adspeed.net/ad.php?do=clk&zid=15491&wd=120&ht=300&pair=as" target="_top"><img style="border:0px;" src="http://g.adspeed.net/ad.php?do=img&zid=15491&wd=120&ht=300&pair=as" alt="i" width="120" height="300"/></a>
Recent Posts
Recent Posts
Popular Topics
Popular Topics
Home
Search
Members
Calendar
Who's On
Home
»
Article Discussions
»
Article Discussions by Author
»
Discuss content posted by Geoff Albin
»
How to recover a SQL Server login password.
36 posts, Page 4 of 4
««
«
1
2
3
4
How to recover a SQL Server login password.
Rate Topic
Display Mode
Topic Options
Author
Message
BenWard
BenWard
Posted Wednesday, March 06, 2013 4:19 AM
Old Hand
Group: General Forum Members
Last Login: Wednesday, May 08, 2013 7:23 AM
Points: 324,
Visits: 531
Michael Meierruth (3/6/2013)
paul.knibbs (3/6/2013)
SQLCharger (3/6/2013)
Guys,
Would this also work with
Windows
hashes as well?
That would be even more scary (if someone manages to get your Windows hash from a server).
There's no reason why it wouldn't, but getting the Windows hash of your password from the server isn't a trivial thing--you usually need admin access in order to read the SAM database, and if you already have that level of access, why do you care about hacking somebody else's password?
It's for finding those people who use the same password everywhere else...
And naughty people who want to steal/sell sensitive data, but do it with someone else's name in the audit log so some poor innocent bloke gets fired instead of the real criminal.
Ben
^ Thats me!
----------------------------------------
01010111011010000110000101110100 01100001 0110001101101111011011010111000001101100011001010111010001100101 01110100011010010110110101100101 011101110110000101110011011101000110010101110010
----------------------------------------
Post #1427296
Michael Meierruth
Michael Meierruth
Posted Wednesday, March 06, 2013 5:04 AM
SSC-Addicted
Group: General Forum Members
Last Login: Sunday, May 05, 2013 10:12 AM
Points: 480,
Visits: 1,604
And what's the point of what you're saying in your binary signature?
Post #1427319
SQLCharger
SQLCharger
Posted Wednesday, March 06, 2013 6:54 AM
SSC-Enthusiastic
Group: General Forum Members
Last Login: Friday, May 17, 2013 8:30 AM
Points: 153,
Visits: 1,278
Michael Meierruth (3/6/2013)
And what's the point of what you're saying in your binary signature?
A yes/no answer will suffice
Cheers,
JohnA
Post #1427360
BenWard
BenWard
Posted Wednesday, March 06, 2013 6:59 AM
Old Hand
Group: General Forum Members
Last Login: Wednesday, May 08, 2013 7:23 AM
Points: 324,
Visits: 531
Michael Meierruth (3/6/2013)
And what's the point of what you're saying in your binary signature?
It's self-referential.
Ben
^ Thats me!
----------------------------------------
01010111011010000110000101110100 01100001 0110001101101111011011010111000001101100011001010111010001100101 01110100011010010110110101100101 011101110110000101110011011101000110010101110010
----------------------------------------
Post #1427364
K. Brian Kelley
K. Brian Kelley
Posted Wednesday, March 06, 2013 7:32 AM
Keeper of the Duck
Group: Moderators
Last Login: Yesterday @ 4:47 PM
Points: 6,584,
Visits: 1,788
Michael Meierruth (3/6/2013)
paul.knibbs (3/6/2013)
SQLCharger (3/6/2013)
Guys,
Would this also work with
Windows
hashes as well?
That would be even more scary (if someone manages to get your Windows hash from a server).
There's no reason why it wouldn't, but getting the Windows hash of your password from the server isn't a trivial thing--you usually need admin access in order to read the SAM database, and if you already have that level of access, why do you care about hacking somebody else's password?
It's for finding those people who use the same password everywhere else...
Or for escalating privileges, especially in a domain. Standard attack pattern:
1. Gain admin rights to a workstation or server.
2. Dump LSA Secrets. This gives you the password in plaintext for any services.
3. See what rights/group memberships those accounts have. They are now in your set of accounts to use for further compromise.
4. Dump the hashes from that system.
5. Use rainbow tables to gain the password from said hashes.
6. See what rights/group memberships those accounts have. They are also now in your set of accounts to use for further compromise.
7. If you've got a Domain Admin level at this point, you're set. You own the domain (and technically, the forest, meaning also every domain in said forest).
8. If you don't have an account with the level of privs that you want, spiderweb to other systems, trying the accounts you've captured and repeating steps 1-7.
3.
K. Brian Kelley, CISA, MCSE, Security+, MVP - SQL Server
Regular Columnist (Security), SQLServerCentral.com
Author of
Introduction to SQL Server: Basic Skills for Any SQL Server User
|
Professional Development blog
|
Technical Blog
|
LinkedIn
|
Twitter
Post #1427396
Nadrek
Nadrek
Posted Wednesday, March 06, 2013 8:06 AM
Say Hey Kid
Group: General Forum Members
Last Login: 2 days ago @ 12:28 PM
Points: 675,
Visits: 2,031
paul.knibbs (3/6/2013)
SQLCharger (3/6/2013)
Guys,
Would this also work with
Windows
hashes as well?
That would be even more scary (if someone manages to get your Windows hash from a server).
There's no reason why it wouldn't, but getting the Windows hash of your password from the server isn't a trivial thing--you usually need admin access in order to read the SAM database...
And this is why SQL Server Service accounts should be minimally privileged (i.e. NEVER ADMIN, either local or domain) - so someone breaking one sysadmin-level account on the SQL Server instance has a harder time getting into other machines.
Yes, oclHashcat-lite and/or oclHashcat-plus have settings for various forms of Windows and Active Directory passwords (as well as Oracle, Mac, Cisco, and other modes).
Post #1427435
« Prev Topic
|
Next Topic »
36 posts, Page 4 of 4
««
«
1
2
3
4
Permissions
You
cannot
post new topics.
You
cannot
post topic replies.
You
cannot
post new polls.
You
cannot
post replies to polls.
You
cannot
edit your own topics.
You
cannot
delete your own topics.
You
cannot
edit other topics.
You
cannot
delete other topics.
You
cannot
edit your own posts.
You
cannot
edit other posts.
You
cannot
delete your own posts.
You
cannot
delete other posts.
You
cannot
post events.
You
cannot
edit your own events.
You
cannot
edit other events.
You
cannot
delete your own events.
You
cannot
delete other events.
You
cannot
send private messages.
You
cannot
send emails.
You
may
read topics.
You
cannot
rate topics.
You
cannot
vote within polls.
You
cannot
upload attachments.
You
may
download attachments.
You
cannot
post HTML code.
You
cannot
edit HTML code.
You
cannot
post IFCode.
You
cannot
post JavaScript.
You
cannot
post EmotIcons.
You
cannot
post or upload images.
Copyright © 2002-2013 Simple Talk Publishing. All Rights Reserved.
Privacy Policy.
Terms of Use.
Report Abuse.
