SQL Clone
SQLServerCentral is supported by Redgate
 
Log in  ::  Register  ::  Not logged in
 
 
 


retrieve / recover sa password


retrieve / recover sa password

Author
Message
Yoel Sommer-283163
Yoel Sommer-283163
SSC Journeyman
SSC Journeyman (81 reputation)SSC Journeyman (81 reputation)SSC Journeyman (81 reputation)SSC Journeyman (81 reputation)SSC Journeyman (81 reputation)SSC Journeyman (81 reputation)SSC Journeyman (81 reputation)SSC Journeyman (81 reputation)

Group: General Forum Members
Points: 81 Visits: 9

Hi all!

We just finished installing our new server with SQL Server 2005.

One of our older applications is apparently using the sa login to connect to on of the databases on the server. Not only that, the password is hard coded

As no one knows the actual sa password on the old server (SQL 2000) is there a way to retrieve / recover /transfer the sa password to the new server?

Thanks,

Yoel


K. Brian Kelley
K. Brian Kelley
Keeper of the Duck
Keeper of the Duck (57K reputation)

Group: Moderators
Points: 57424 Visits: 1917
If you can do a packet trace, that's the easiest way. Otherwise you'd need a tool like SQLCrack or SQL Squirrel (from NGS Software) on the old server. If you can get a packet trace from your network guys when the application logs in, you can find the password fairly easily (assuming no encryption is going on for the connection):

An article I wrote takes you through the process of decrypting the password step-by-step:

SQL Server Security: Login Weaknesses

If you want to see the original references that detailed the weakness and how to utilize it, see the references at the bottom of the article.

K. Brian Kelley
@‌kbriankelley
Yelena Varshal
Yelena Varshal
SSCoach
SSCoach (18K reputation)SSCoach (18K reputation)SSCoach (18K reputation)SSCoach (18K reputation)SSCoach (18K reputation)SSCoach (18K reputation)SSCoach (18K reputation)SSCoach (18K reputation)

Group: General Forum Members
Points: 18840 Visits: 608

Did you try SA with a blank password or SA with sa password?

Are you sure that nobody actually knows the SA password for the server?

Did you run the profiler to make sure that it is SA who is logging to the database?

What is the application code? Is it a web application, VB application? MS ACCESS? Excel? I actually know how to get the password from the Excel front end in some cases.

Did you search the server folders for the file with the word "password" ? Some developers and sysadmins document their work and the installation description or maintenance document could be actually present on the server. Also, there could be a configuration file in the application directory that contains the connection string.

Did you actually try to locate the previous support person and call him or her?




Regards,
Yelena Varshal

Yoel Sommer-283163
Yoel Sommer-283163
SSC Journeyman
SSC Journeyman (81 reputation)SSC Journeyman (81 reputation)SSC Journeyman (81 reputation)SSC Journeyman (81 reputation)SSC Journeyman (81 reputation)SSC Journeyman (81 reputation)SSC Journeyman (81 reputation)SSC Journeyman (81 reputation)

Group: General Forum Members
Points: 81 Visits: 9

I tried BKellys advice and it worked great! SQLCrack gave me the password in less than 5 mintues.

Thanks all for your help!

Yoel


amjadpathan
amjadpathan
Valued Member
Valued Member (51 reputation)Valued Member (51 reputation)Valued Member (51 reputation)Valued Member (51 reputation)Valued Member (51 reputation)Valued Member (51 reputation)Valued Member (51 reputation)Valued Member (51 reputation)

Group: General Forum Members
Points: 51 Visits: 3
The first thing to do is to open up SQL Server Enterprise Manager and register the same server using Windows Authentication. Once the server has be registered, you can expand the Security node and open the properties of the sa account and change the 'sa' password.

Just a note: The windows account you register the SQL Server with must have admin privledges.
tosscrosby
  tosscrosby
SSChampion
SSChampion (11K reputation)SSChampion (11K reputation)SSChampion (11K reputation)SSChampion (11K reputation)SSChampion (11K reputation)SSChampion (11K reputation)SSChampion (11K reputation)SSChampion (11K reputation)

Group: General Forum Members
Points: 11090 Visits: 5316
amjadpathan, while I'm sure your intentions are good, you do know you've responded to a thread that's been dormant for 30 months, don't you?

-- You can't be late until you show up.
SanjayAttray
SanjayAttray
SSCrazy Eights
SSCrazy Eights (8.5K reputation)SSCrazy Eights (8.5K reputation)SSCrazy Eights (8.5K reputation)SSCrazy Eights (8.5K reputation)SSCrazy Eights (8.5K reputation)SSCrazy Eights (8.5K reputation)SSCrazy Eights (8.5K reputation)SSCrazy Eights (8.5K reputation)

Group: General Forum Members
Points: 8455 Visits: 1619
tosscrosby (7/17/2008)
amjadpathan, while I'm sure your intentions are good, you do know you've responded to a thread that's been dormant for 30 months, don't you?


Good reply.

SQL DBA.
sgreer-755727
sgreer-755727
SSC Rookie
SSC Rookie (41 reputation)SSC Rookie (41 reputation)SSC Rookie (41 reputation)SSC Rookie (41 reputation)SSC Rookie (41 reputation)SSC Rookie (41 reputation)SSC Rookie (41 reputation)SSC Rookie (41 reputation)

Group: General Forum Members
Points: 41 Visits: 11
It's never too late to post something. Here I am in 2012, reading these. And running SQL Server 2000 too!
st_chava
st_chava
SSC Journeyman
SSC Journeyman (76 reputation)SSC Journeyman (76 reputation)SSC Journeyman (76 reputation)SSC Journeyman (76 reputation)SSC Journeyman (76 reputation)SSC Journeyman (76 reputation)SSC Journeyman (76 reputation)SSC Journeyman (76 reputation)

Group: General Forum Members
Points: 76 Visits: 66
2013 and this thread is still working for those who still use SQL Server 2000
Elliswhite
Elliswhite
Ten Centuries
Ten Centuries (1K reputation)Ten Centuries (1K reputation)Ten Centuries (1K reputation)Ten Centuries (1K reputation)Ten Centuries (1K reputation)Ten Centuries (1K reputation)Ten Centuries (1K reputation)Ten Centuries (1K reputation)

Group: General Forum Members
Points: 1027 Visits: 54
Open the SQL Server Management Studio.
Open a New Query.

Copy, paste, and execute the following:

GO
ALTER LOGIN [sa] WITH DEFAULT_DATABASE=[master]
GO
USE [master]
GO
ALTER LOGIN [sa] WITH PASSWORD=N'NewPassword' MUST_CHANGE
GO

where NewPassword is the password you wish to use for the sa account.

SSMS Expert
Go


Permissions

You can't post new topics.
You can't post topic replies.
You can't post new polls.
You can't post replies to polls.
You can't edit your own topics.
You can't delete your own topics.
You can't edit other topics.
You can't delete other topics.
You can't edit your own posts.
You can't edit other posts.
You can't delete your own posts.
You can't delete other posts.
You can't post events.
You can't edit your own events.
You can't edit other events.
You can't delete your own events.
You can't delete other events.
You can't send private messages.
You can't send emails.
You can read topics.
You can't vote in polls.
You can't upload attachments.
You can download attachments.
You can't post HTML code.
You can't edit HTML code.
You can't post IFCode.
You can't post JavaScript.
You can post emoticons.
You can't post or upload images.

Select a forum








































































































































































SQLServerCentral


Search