March 7, 2012 at 11:36 am
An additional eye-opener for the intended Hardening in our environment.
Thank you. 🙂
Br. Kenneth Igiri
https://kennethigiri.com
All nations come to my light, all kings to the brightness of my rising
March 7, 2012 at 11:53 am
Very useful post - I've used some of these methods on 2005 several times in the past due to instances not being set up correctly and with forgotten sa passwords. One question though - in the 3rd method, why not copy the LDF file(s) as well? As the instance has been cleanly shutdown, may as well copy them too and have a consistent/clean DB.
Thanks for a great and useful post!
Andy.
March 7, 2012 at 11:58 am
March 7, 2012 at 3:12 pm
SSIS connections should be using Windows authentication and use the encrypted option. However, you can at least try locating any .dtsConfig and .dtsx files and looking for properties called "ConnectionString".
"Do not seek to follow in the footsteps of the wise. Instead, seek what they sought." - Matsuo Basho
March 8, 2012 at 2:45 am
Reported as spam.
---
Note to developers:Want to get the best help? Click here https://www.sqlservercentral.com/articles/forum-etiquette-how-to-post-datacode-on-a-forum-to-get-the-best-help (Jeff Moden)
My blog: http://uksqldba.blogspot.com
Visit http://www.DerekColley.co.uk to find out more about me.
March 8, 2012 at 2:46 am
Just wanted to say thank you to all who replied, an interesting discussion and thanks for your positive comments.
Scowls and dark looks to the spammer, though.
---
Note to developers:Want to get the best help? Click here https://www.sqlservercentral.com/articles/forum-etiquette-how-to-post-datacode-on-a-forum-to-get-the-best-help (Jeff Moden)
My blog: http://uksqldba.blogspot.com
Visit http://www.DerekColley.co.uk to find out more about me.
March 8, 2012 at 5:15 pm
Hugo Kornelis (3/7/2012)
The three methods mentioned in the article all require (assuming that the domain and SQL Server have been setup wisely) that the person performing the "attack" has access to a domain account with elevated privileges.
Right. A better name for the article would have been "Three Methods for regaining access SQL Server".
March 10, 2012 at 8:49 am
Joshua M Perry (3/7/2012)
There is always a back door. Consider this...
PsExec.exe -s -i
I was going to point this out as well. This method:
A) Requires that you have local Admin rights
B) utilizes the built-in principal permissions SQL attaches to itself
C) Has no bias to Microsoft's decision to remove BUILTIN\Administrators from the default permissions group.
I've become very used to using this when a customer in my line of work fails to properly keep up with their login info to SQL, a fairly regular occurrence. Just use this command to exec SSMS and auth a system. Done, add your perms and be on your merry, no SQL restart required, etc.
March 13, 2012 at 1:34 pm
Hello and thanks for writing the article.
I have also written an article on how to get into a SQL server when completely locked out so I feel your pain when people say "how can you write about this, are you a hacker or terrorist?" Shame on them!
There are many real world scenarios where you have no choice but to find a way into a SQL server. As long as you have perissions from the company you are fine.
Here's another thought. If the SQL server is using Mixed Mode you can use a brute force tool to figure out the SA account.
It's good for DBA's to know how to get into a SQL server so that you have help prevent from others doing the same thing. Also, if you don't have physical access or don't have server access then there isn't much you can do to get in unless you know of a user account that had access to the SQL server.
If we DBA's don't talk about this topic, you can bet the house that the bad guys are.
Thanks,
Rudy
Viewing 9 posts - 16 through 23 (of 23 total)
You must be logged in to reply to this topic. Login to reply