Click here to monitor SSC
SQLServerCentral is supported by Red Gate Software Ltd.
 
Log in  ::  Register  ::  Not logged in
 
 
 
        
Home       Members    Calendar    Who's On


Add to briefcase

retrieve / recover sa password Expand / Collapse
Author
Message
Posted Thursday, January 26, 2006 7:54 AM
Grasshopper

GrasshopperGrasshopperGrasshopperGrasshopperGrasshopperGrasshopperGrasshopperGrasshopper

Group: General Forum Members
Last Login: Tuesday, September 22, 2009 1:33 PM
Points: 11, Visits: 9

Hi all!

We just finished installing our new server with SQL Server 2005.

One of our older applications is apparently using the sa login to connect to on of the databases on the server. Not only that, the password is hard coded

As no one knows the actual sa password on the old server (SQL 2000) is there a way to retrieve / recover /transfer the sa password to the new server?

Thanks,

Yoel

 

Post #253723
Posted Thursday, January 26, 2006 8:38 AM


Keeper of the Duck

Keeper of the Duck

Group: Moderators
Last Login: Thursday, April 03, 2014 10:06 PM
Points: 6,621, Visits: 1,851
If you can do a packet trace, that's the easiest way. Otherwise you'd need a tool like SQLCrack or SQL Squirrel (from NGS Software) on the old server. If you can get a packet trace from your network guys when the application logs in, you can find the password fairly easily (assuming no encryption is going on for the connection):

An article I wrote takes you through the process of decrypting the password step-by-step:

SQL Server Security: Login Weaknesses

If you want to see the original references that detailed the weakness and how to utilize it, see the references at the bottom of the article.


K. Brian Kelley, CISA, MCSE, Security+, MVP - SQL Server
Regular Columnist (Security), SQLServerCentral.com
Author of Introduction to SQL Server: Basic Skills for Any SQL Server User
| Professional Development blog | Technical Blog | LinkedIn | Twitter
Post #253754
Posted Thursday, January 26, 2006 4:30 PM
Hall of Fame

Hall of FameHall of FameHall of FameHall of FameHall of FameHall of FameHall of FameHall of FameHall of Fame

Group: General Forum Members
Last Login: Thursday, December 26, 2013 9:45 AM
Points: 3,475, Visits: 577

Did you try SA with a blank password or SA with sa password?

Are you sure that nobody actually knows the SA password for the server?

Did you run the profiler to make sure that it is SA who is logging to the database?

What is the application code? Is it a web application, VB application? MS ACCESS? Excel? I actually know how to get the password from the Excel front end in some cases.

Did you search the server folders for the file with the word "password" ? Some developers and sysadmins document their work and the installation description or maintenance document could be actually present on the server. Also, there could be a configuration file in the application directory that contains the connection string.

Did you actually try to locate the previous support person and call him or her?




Regards,
Yelena Varshal

Post #253933
Posted Friday, January 27, 2006 6:33 AM
Grasshopper

GrasshopperGrasshopperGrasshopperGrasshopperGrasshopperGrasshopperGrasshopperGrasshopper

Group: General Forum Members
Last Login: Tuesday, September 22, 2009 1:33 PM
Points: 11, Visits: 9

I tried BKellys advice and it worked great! SQLCrack gave me the password in less than 5 mintues.

Thanks all for your help!

Yoel

 

Post #254056
Posted Wednesday, July 16, 2008 10:50 PM
Forum Newbie

Forum NewbieForum NewbieForum NewbieForum NewbieForum NewbieForum NewbieForum NewbieForum Newbie

Group: General Forum Members
Last Login: Tuesday, August 07, 2012 1:18 AM
Points: 1, Visits: 3
The first thing to do is to open up SQL Server Enterprise Manager and register the same server using Windows Authentication. Once the server has be registered, you can expand the Security node and open the properties of the sa account and change the 'sa' password.

Just a note: The windows account you register the SQL Server with must have admin privledges.

Post #535665
Posted Thursday, July 17, 2008 8:01 AM


SSCrazy

SSCrazySSCrazySSCrazySSCrazySSCrazySSCrazySSCrazySSCrazy

Group: General Forum Members
Last Login: Tuesday, April 19, 2011 7:31 AM
Points: 2,832, Visits: 5,316
amjadpathan, while I'm sure your intentions are good, you do know you've responded to a thread that's been dormant for 30 months, don't you?


-- You can't be late until you show up.
Post #536010
Posted Friday, July 18, 2008 1:40 PM
Hall of Fame

Hall of FameHall of FameHall of FameHall of FameHall of FameHall of FameHall of FameHall of FameHall of Fame

Group: General Forum Members
Last Login: Today @ 11:58 AM
Points: 3,924, Visits: 1,588
tosscrosby (7/17/2008)
amjadpathan, while I'm sure your intentions are good, you do know you've responded to a thread that's been dormant for 30 months, don't you?


Good reply.


SQL DBA.
Post #537039
Posted Monday, August 06, 2012 1:23 PM
Forum Newbie

Forum NewbieForum NewbieForum NewbieForum NewbieForum NewbieForum NewbieForum NewbieForum Newbie

Group: General Forum Members
Last Login: Thursday, December 06, 2012 8:17 AM
Points: 3, Visits: 11
It's never too late to post something. Here I am in 2012, reading these. And running SQL Server 2000 too!
Post #1340860
Posted Wednesday, January 22, 2014 11:27 AM
Forum Newbie

Forum NewbieForum NewbieForum NewbieForum NewbieForum NewbieForum NewbieForum NewbieForum Newbie

Group: General Forum Members
Last Login: Wednesday, April 09, 2014 4:47 PM
Points: 9, Visits: 45
2013 and this thread is still working for those who still use SQL Server 2000
Post #1533777
« Prev Topic | Next Topic »

Add to briefcase

Permissions Expand / Collapse