SQL Clone
SQLServerCentral is supported by Redgate
 
Log in  ::  Register  ::  Not logged in
 
 
 


retrieve / recover sa password


retrieve / recover sa password

Author
Message
Yoel Sommer-283163
Yoel Sommer-283163
Grasshopper
Grasshopper (15 reputation)Grasshopper (15 reputation)Grasshopper (15 reputation)Grasshopper (15 reputation)Grasshopper (15 reputation)Grasshopper (15 reputation)Grasshopper (15 reputation)Grasshopper (15 reputation)

Group: General Forum Members
Points: 15 Visits: 9

Hi all!

We just finished installing our new server with SQL Server 2005.

One of our older applications is apparently using the sa login to connect to on of the databases on the server. Not only that, the password is hard coded

As no one knows the actual sa password on the old server (SQL 2000) is there a way to retrieve / recover /transfer the sa password to the new server?

Thanks,

Yoel


K. Brian Kelley
K. Brian Kelley
Keeper of the Duck
Keeper of the Duck (10K reputation)

Group: Moderators
Points: 10148 Visits: 1917
If you can do a packet trace, that's the easiest way. Otherwise you'd need a tool like SQLCrack or SQL Squirrel (from NGS Software) on the old server. If you can get a packet trace from your network guys when the application logs in, you can find the password fairly easily (assuming no encryption is going on for the connection):

An article I wrote takes you through the process of decrypting the password step-by-step:

SQL Server Security: Login Weaknesses

If you want to see the original references that detailed the weakness and how to utilize it, see the references at the bottom of the article.

K. Brian Kelley
@‌kbriankelley
Yelena Varshal
Yelena Varshal
SSCarpal Tunnel
SSCarpal Tunnel (4.6K reputation)SSCarpal Tunnel (4.6K reputation)SSCarpal Tunnel (4.6K reputation)SSCarpal Tunnel (4.6K reputation)SSCarpal Tunnel (4.6K reputation)SSCarpal Tunnel (4.6K reputation)SSCarpal Tunnel (4.6K reputation)SSCarpal Tunnel (4.6K reputation)

Group: General Forum Members
Points: 4552 Visits: 595

Did you try SA with a blank password or SA with sa password?

Are you sure that nobody actually knows the SA password for the server?

Did you run the profiler to make sure that it is SA who is logging to the database?

What is the application code? Is it a web application, VB application? MS ACCESS? Excel? I actually know how to get the password from the Excel front end in some cases.

Did you search the server folders for the file with the word "password" ? Some developers and sysadmins document their work and the installation description or maintenance document could be actually present on the server. Also, there could be a configuration file in the application directory that contains the connection string.

Did you actually try to locate the previous support person and call him or her?




Regards,
Yelena Varshal

Yoel Sommer-283163
Yoel Sommer-283163
Grasshopper
Grasshopper (15 reputation)Grasshopper (15 reputation)Grasshopper (15 reputation)Grasshopper (15 reputation)Grasshopper (15 reputation)Grasshopper (15 reputation)Grasshopper (15 reputation)Grasshopper (15 reputation)

Group: General Forum Members
Points: 15 Visits: 9

I tried BKellys advice and it worked great! SQLCrack gave me the password in less than 5 mintues.

Thanks all for your help!

Yoel


amjadpathan
amjadpathan
Forum Newbie
Forum Newbie (3 reputation)Forum Newbie (3 reputation)Forum Newbie (3 reputation)Forum Newbie (3 reputation)Forum Newbie (3 reputation)Forum Newbie (3 reputation)Forum Newbie (3 reputation)Forum Newbie (3 reputation)

Group: General Forum Members
Points: 3 Visits: 3
The first thing to do is to open up SQL Server Enterprise Manager and register the same server using Windows Authentication. Once the server has be registered, you can expand the Security node and open the properties of the sa account and change the 'sa' password.

Just a note: The windows account you register the SQL Server with must have admin privledges.
tosscrosby
  tosscrosby
Hall of Fame
Hall of Fame (3.3K reputation)Hall of Fame (3.3K reputation)Hall of Fame (3.3K reputation)Hall of Fame (3.3K reputation)Hall of Fame (3.3K reputation)Hall of Fame (3.3K reputation)Hall of Fame (3.3K reputation)Hall of Fame (3.3K reputation)

Group: General Forum Members
Points: 3272 Visits: 5316
amjadpathan, while I'm sure your intentions are good, you do know you've responded to a thread that's been dormant for 30 months, don't you?

-- You can't be late until you show up.
SanjayAttray
SanjayAttray
SSCarpal Tunnel
SSCarpal Tunnel (4.4K reputation)SSCarpal Tunnel (4.4K reputation)SSCarpal Tunnel (4.4K reputation)SSCarpal Tunnel (4.4K reputation)SSCarpal Tunnel (4.4K reputation)SSCarpal Tunnel (4.4K reputation)SSCarpal Tunnel (4.4K reputation)SSCarpal Tunnel (4.4K reputation)

Group: General Forum Members
Points: 4363 Visits: 1619
tosscrosby (7/17/2008)
amjadpathan, while I'm sure your intentions are good, you do know you've responded to a thread that's been dormant for 30 months, don't you?


Good reply.

SQL DBA.
sgreer-755727
sgreer-755727
Forum Newbie
Forum Newbie (5 reputation)Forum Newbie (5 reputation)Forum Newbie (5 reputation)Forum Newbie (5 reputation)Forum Newbie (5 reputation)Forum Newbie (5 reputation)Forum Newbie (5 reputation)Forum Newbie (5 reputation)

Group: General Forum Members
Points: 5 Visits: 11
It's never too late to post something. Here I am in 2012, reading these. And running SQL Server 2000 too!
st_chava
st_chava
Grasshopper
Grasshopper (18 reputation)Grasshopper (18 reputation)Grasshopper (18 reputation)Grasshopper (18 reputation)Grasshopper (18 reputation)Grasshopper (18 reputation)Grasshopper (18 reputation)Grasshopper (18 reputation)

Group: General Forum Members
Points: 18 Visits: 66
2013 and this thread is still working for those who still use SQL Server 2000
Elliswhite
Elliswhite
SSC-Enthusiastic
SSC-Enthusiastic (159 reputation)SSC-Enthusiastic (159 reputation)SSC-Enthusiastic (159 reputation)SSC-Enthusiastic (159 reputation)SSC-Enthusiastic (159 reputation)SSC-Enthusiastic (159 reputation)SSC-Enthusiastic (159 reputation)SSC-Enthusiastic (159 reputation)

Group: General Forum Members
Points: 159 Visits: 54
Open the SQL Server Management Studio.
Open a New Query.

Copy, paste, and execute the following:

GO
ALTER LOGIN [sa] WITH DEFAULT_DATABASE=[master]
GO
USE [master]
GO
ALTER LOGIN [sa] WITH PASSWORD=N'NewPassword' MUST_CHANGE
GO

where NewPassword is the password you wish to use for the sa account.

SSMS Expert
Go


Permissions

You can't post new topics.
You can't post topic replies.
You can't post new polls.
You can't post replies to polls.
You can't edit your own topics.
You can't delete your own topics.
You can't edit other topics.
You can't delete other topics.
You can't edit your own posts.
You can't edit other posts.
You can't delete your own posts.
You can't delete other posts.
You can't post events.
You can't edit your own events.
You can't edit other events.
You can't delete your own events.
You can't delete other events.
You can't send private messages.
You can't send emails.
You can read topics.
You can't vote in polls.
You can't upload attachments.
You can download attachments.
You can't post HTML code.
You can't edit HTML code.
You can't post IFCode.
You can't post JavaScript.
You can post emoticons.
You can't post or upload images.

Select a forum

































































































































































SQLServerCentral


Search