The SQLServerAdvisor mailing from SearchSQLServer.com had a link to a very good article on cracking SQL Server passwords. The article, by Kevin Beaver, shows some of the common tools available to detect when the sa password isn't set (he references both SQLPing2 and SQLRecon and shows screenshots of SQLPing2) as well as tools capable of cracking the SQL Server password hashes. You can read the article here:
Password cracking tools for SQL Server
If you're responsible for the security of your organization's SQL Servers, have a look!
IT Security, MySQL, Perl, SQL Server, and Windows technologies.