How to recover a SQL Server login password.


mister.magoo
Jeff Moden (3/4/2013)
It's going to help me a lot.


Sounds ominous w00t

MM


    Sigerson
    I'm with Jeff. This is very cool stuff but very ominous, too. I do have a SQL utility user pwd that I've lost, so this will be useful. On the other hand I don't want anybody else to know this. It's like the One Ring of Power, it's already making me think of all the malicious acts I could do with this power. ("My precious, my precious.")

    Actually, I've pretty much given up on passwords protecting me. One day and not too long from now, we'll all have implanted RF chips like doggie-lojacks that will identify us and let us use the atm, buy groceries, login to Amazon, etc.

    Sigerson

    "No pressure, no diamonds." - Thomas Carlyle
    BenWard
    Sigerson (3/4/2013)
    we'll all have implanted RF chips


    Until some quack attempting to make a quick buck publishes a dubious medical report based on 3 test patients who just so happen to work in a nuclear power station linking RF implants to some disease that everyone is afraid of.

    I'm not cynical at all!

    Even that isn't foolproof, pickpockets will start bumping into you with RF scanners and instead of just nabbing your wallet, will steal your identity, your car, your house and probably your wife and kids too.

    Ben

    ^ That's me!


    paul.knibbs
    Sigerson (3/4/2013)
    On the other hand I don't want anybody else to know this. It's like the One Ring of Power, it's already making me think of all the malicious acts I could do with this power.


    Use longer passwords and it ceases to be an issue. Yes, he was able to find a 5-character password in 2 seconds using a brute force search with a powerful GPU, but the complexity of such a search increases massively with the number of characters--a guesstimate would suggest that if it takes 2 seconds to find a 5-character password, it will take approximately 23 days to find an 8-character password using the same mechanism! (This is assuming perhaps 100 possible characters used in the password, which would give the 8-character one a million times more possibilities than the 5-character one).

    If you had a 20-character password, well, it would probably take longer than the remaining life of the Universe to crack it!
    TravisDBA
    Geoff,

    Please be very careful about suggesting or even implying that people should do this on production SQL Servers. I work for the government and the auditors are looking for this kind of stuff on your PC and if they find it, you are probably gone!!! I repeat: DO NOT KEEP THESE FILES ON YOUR WORK LAPTOP IF YOU WORK FOR THE GOVERNMENT, OR YOU ARE A GOVERNMENT CONTRACTOR!!!! You can not only be fired you can also be fined and/or prosecuted.:-D

    "Technology is a weird thing. It brings you great gifts with one hand, and it stabs you in the back with the other. ...:-D"
    GregoryF
    TravisDBA (3/4/2013)
    Be very careful about suggesting that people do this. I work for the government and the auditors are looking for this kind of stuff on your PC and if they find it, you are probably gone!!! I repeat: DO NOT KEEP THESE FILES ON YOUR WORK LAPTOP IF YOU WORK FOR THE GOVERNMENT, OR YOU ARE A GOVERNMENT CONTRACTOR!!!! You can not only be fired you can also be prosecuted.:-D



    I don't work for the government, but I don't see a problem with the sa having this on his system (developers are another story). After all, as sa I can change your password at will and I have access to all unencrypted data.

    /* ----------------------------- */
    Daughter of Elysium, we enter, drunk with fire, heavenly one, thy sanctuary!
    TravisDBA
    paul.knibbs (3/4/2013)
    Sigerson (3/4/2013)
    On the other hand I don't want anybody else to know this. It's like the One Ring of Power, it's already making me think of all the malicious acts I could do with this power.


    Use longer passwords and it ceases to be an issue. Yes, he was able to find a 5-character password in 2 seconds using a brute force search with a powerful GPU, but the complexity of such a search increases massively with the number of characters--a guesstimate would suggest that if it takes 2 seconds to find a 5-character password, it will take approximately 23 days to find an 8-character password using the same mechanism! (This is assuming perhaps 100 possible characters used in the password, which would give the 8-character one a million times more possibilities than the 5-character one).

    If you had a 20-character password, well, it would probably take longer than the remaining life of the Universe to crack it!


    Greg,

    The government auditors don't care who you are or what level of access you have in your brain. If the files are PHYSICALLY on the government work laptop then it is vulnerable to attack and you are ultimately liable. Particularly, if this software can be used to crack SQL logins that have access to HIPAA Health related data.:-D

    "Technology is a weird thing. It brings you great gifts with one hand, and it stabs you in the back with the other. ...:-D"
    Nadrek
    Excellent post on brute forcing using oclhashcat-lite - everyone, please be aware that dictionary and rules-based dictionary attacks are also available in GPU-powered form with these excellent tools.

    For everyone worried about their passwords, note that SQL Server itself does support a maximum of 128 characters, and high ASCII is allowed, so if you absolutely must have the "sa" account or a similar SQL Server sysadmin level account available, then a password like

    Éá«zpÙYÆÉlêÙRoPõ3wC3Ó)~=5ûÈælZOcLÛہ¼{ÖÅw™úG54)uQçeÂ?n¾KaôÅAÔÓ½Ò5år³\5ÞÑ=l¾[ÑæQ}ÞZPÐAþ+xhR߬fó1ßfG{ñBÉÜšn‡ƒeji—ÜQ¾væ—ŸTBËŠÍÔ—xÂ

    is perfectly acceptable, and can be cut and pasted into SSMS without any problems.

    As far as longer word-based passwords, something like
    Madeline12152008 is a horrible password, especially if your daughter Madeline was born on December 15th in 2008.

    ETA: Software like KeePass can be used to generate (and store) such passwords.
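
Added example, not part of any post in this thread: the scaling estimate from paul.knibbs's reply and Nadrek's points about password structure and length, worked through in Python. The guess rate is calibrated from the thread's own figure (5 characters, about 100 symbols, 2 seconds); the name-list size, the 100-year date range and the character pool are assumptions made for the illustration.

```python
import re
import secrets

ALPHABET = 100                  # "perhaps 100 possible characters" (from the thread)
RATE = ALPHABET ** 5 / 2.0      # guesses/second implied by "5 characters in 2 seconds"
MAX_LEN = 128                   # SQL Server maximum quoted in the thread

def brute_force_seconds(length, alphabet=ALPHABET, rate=RATE):
    """Worst-case time to try every password of exactly `length` characters."""
    return alphabet ** length / rate

# Assumptions for a structured (name + MMDDYYYY) search space; constructed values.
NAME_LIST_SIZE = 100_000        # assumed size of a first-name wordlist
DATE_COUNT = 366 * 100          # every calendar day across 100 years
NAME_DATE = re.compile(
    r"^[A-Za-z]+(0[1-9]|1[0-2])(0[1-9]|[12]\d|3[01])(19|20)\d{2}$")

def effective_seconds(password, rate=RATE):
    """Search time under the cheapest model that covers this password."""
    if NAME_DATE.match(password):
        # Length is irrelevant here: only name x date combinations are tried.
        return NAME_LIST_SIZE * DATE_COUNT / rate
    return brute_force_seconds(len(password), rate=rate)

def generate_password(length=MAX_LEN):
    """Random password from printable ASCII plus Latin-1 'high ASCII' characters."""
    if not 1 <= length <= MAX_LEN:
        raise ValueError("length must be between 1 and 128")
    pool = [chr(c) for c in range(0x21, 0x7F)] + [chr(c) for c in range(0xC0, 0x100)]
    return "".join(secrets.choice(pool) for _ in range(length))

if __name__ == "__main__":
    for n in (5, 8, 12, 20):
        print(f"{n:>2} chars: {brute_force_seconds(n) / 86400:.3g} days")
    weak = "Madeline12152008"
    print(f"{weak}: {effective_seconds(weak):.2f} s as name+date, "
          f"{brute_force_seconds(len(weak)) / 86400:.3g} days as random text")
    print(len(generate_password()), "random characters generated")
```

With these figures the 16-character name-plus-date password falls in under a second, while 8 random characters take about 23 days.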
    Geoff A
    TravisDBA (3/4/2013)
    Geoff,

    Please be very careful about suggesting or even implying that people should do this on production SQL Servers. I work for the government and the auditors are looking for this kind of stuff on your PC and if they find it, you are probably gone!!! I repeat: DO NOT KEEP THESE FILES ON YOUR WORK LAPTOP IF YOU WORK FOR THE GOVERNMENT, OR YOU ARE A GOVERNMENT CONTRACTOR!!!! You can not only be fired you can also be prosecuted.:-D


    Travis,
    I am not sure how I am responsible for government employees and their activities on their laptops.
    But if you're saying I should be on the lookout for black suits knocking on my door, I'll keep one eye open ;-)
    TravisDBA
    Geoff A (3/4/2013)
    TravisDBA (3/4/2013)
    Geoff,

    Please be very careful about suggesting or even implying that people should do this on production SQL Servers. I work for the government and the auditors are looking for this kind of stuff on your PC and if they find it, you are probably gone!!! I repeat: DO NOT KEEP THESE FILES ON YOUR WORK LAPTOP IF YOU WORK FOR THE GOVERNMENT, OR YOU ARE A GOVERNMENT CONTRACTOR!!!! You can not only be fired you can also be prosecuted.:-D


    Travis,
    I am not sure how I am responsible for government employees and their activities on their laptops.
    But if you're saying I should be on the lookout for black suits knocking on my door, I'll keep one eye open ;-)


    Ok, no problem, just be careful suggesting that kind of thing to the public at large. Not everyone means well in this world. That is all I'm saying. I could see someone sitting in court and explaining "Well your honor, Geoff Albin showed me how to hack a SQL Login production password on SQLServerCentral.com!!!":-D

    "Technology is a weird thing. It brings you great gifts with one hand, and it stabs you in the back with the other. ...:-D"