Solved

sa password has been reset and BUILTIN/Administrator has been removed from sysadmin group

Posted on 2003-03-21
Last Modified: 2007-12-19
A SQL SERVER 7 machine on my network was used and abused by a user, who reset the sa password and removed the NT/Administrator user from the SQL server sysadmins group, rendering it inaccessible to any sysadmins.

How can I get sysadmin privileges back on the sql server?

I have tried,
1) starting it in single user mode and trying to connect to it. (I think there is some scope for more investigation here, but I'm not sure what to try)
2) trying to connect to it using NT privileges.
3) a brute force sa password hack - but this was only checking 5 passwords a second, and would have taken many years to get to 8 chars

I can stop the service and copy the mdf and ldf files to another machine and restore them, but then I'm going to end up with the same problem on another machine.

Is there any way I can extract or reset the sa password to blank using a utility?

Many thanks.

Tom H

Question by:tommyh
8 Comments
 
LVL 4

Expert Comment

by:xxg4813
ID: 8182170
Back up all the DBs before you shut down SQL Server, re-install SQL Server and reset the password upon installation.

Good luck!
0
 

Author Comment

by:tommyh
ID: 8187251
Surely this will reinstall the master database, thus destroying all of my logins.

Plus I can't log in at the moment, so I can't make any backups.
0
 

 
LVL 1

Accepted Solution

by:
Boricle earned 1500 total points
ID: 8194022
This has been addressed before.

http://www.experts-exchange.com/Databases/Microsoft_SQL_Server/Q_20194471.html

Basically, it says: stop the service, back it up, back it up again, check the backups restore OK on a separate box, rebuild it all, restore relevant DBs, recreate logins.

If you don't want to do the rebuild option, then I would think that the best thing to do is to go and find some dictionary cracker software for ODBC connections. If you have enough time, you might even be able to script some.

The place below has some tools. Be warned: I HAVE NEVER USED ANY OF THEM. ANY PASSWORD / PENETRATION SOFTWARE SHOULD BE CONSIDERED A POTENTIAL TROJAN (i.e. it could take passwords and email them to other people / set up holes in your system). If you do want to use them, I would suggest setting up a complete separate copy of the server, not connected to any network, run the cracker, get your password (if any of them work), write it down, reformat and completely wipe the test machine.



http://neworder.box.sk/codebox.links.php?&key=sqltl

The description on this one looks interesting:
"Sql Dict - Brute-force SQL Server password utility. Good for auditing SQL Server passwords in your organization. Don't use this power for evil. (2202 hits)"
http://neworder.box.sk/codebox.click.php?id=34037&url=http%3A%2F%2Fwww.ntsecurity.nu%2Ftoolbox%2Fsqldict%2F

SQLAT - SQLAT is a suite of tools that could be useful for penetration testing a MS SQL Server. The tools are still in development but tend to be quite stable. (1172 hits)
http://neworder.box.sk/codebox.click.php?id=35633&url=http%3A%2F%2Fwww.cqure.net%2Ftools06.html

sqlbf - SQL Server password brute forcing tool by xaphan. Source (1717 hits)
http://neworder.box.sk/codebox.click.php?id=34039&url=http%3A%2F%2Fnewdata.box.sk%2F2001%2Fmay%2Fsqlbf_bin.zip
0
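The rebuild path from the accepted answer ("rebuild it all, restore relevant DBs, recreate logins"), written out as T-SQL; this is an added example, not part of the original thread. It assumes master has already been rebuilt, that the .mdf/.ldf files were copied while the service was cleanly stopped, and that the database, file path and login names (SalesDB, app_user) are placeholders.

```sql
-- Added example: run in Query Analyzer as the new sa on the rebuilt server.
-- SalesDB, the D:\MSSQL7\Data paths and app_user are placeholders.

-- 1. Reattach a user database from the files copied while the service was stopped.
EXEC sp_attach_db
    @dbname    = N'SalesDB',
    @filename1 = N'D:\MSSQL7\Data\SalesDB_Data.mdf',
    @filename2 = N'D:\MSSQL7\Data\SalesDB_Log.ldf'
GO

-- 2. Make sure the local Administrators group is a login and a sysadmin member again.
IF NOT EXISTS (SELECT * FROM master.dbo.syslogins
               WHERE loginname = N'BUILTIN\Administrators')
    EXEC sp_grantlogin N'BUILTIN\Administrators'
GO
IF NOT EXISTS (SELECT * FROM master.dbo.syslogins
               WHERE loginname = N'BUILTIN\Administrators' AND sysadmin = 1)
    EXEC sp_addsrvrolemember N'BUILTIN\Administrators', 'sysadmin'
GO

-- 3. Recreate a SQL Server login that was lost with the old master database.
EXEC sp_addlogin
    @loginame = 'app_user',
    @passwd   = '<new-strong-password>',   -- placeholder, set a real value
    @defdb    = 'SalesDB'
GO

-- 4. Users inside the attached database still carry the old login SIDs.
--    List the orphaned users, then remap each one to its recreated login.
USE SalesDB
GO
EXEC sp_change_users_login 'Report'
EXEC sp_change_users_login 'Update_One', 'app_user', 'app_user'
GO

-- 5. Review who holds sysadmin now, so an unexpected member is caught early.
EXEC sp_helpsrvrolemember 'sysadmin'
GO
```

Repeat steps 1, 3 and 4 for each user database and login; the output of step 5 is worth keeping as a baseline to compare against later.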
 

Author Comment

by:tommyh
ID: 8194327

Unfortunately I don't have an account available with backup privileges, and the scheduled maintenance has packed up. I was trying to detach and reattach the database files but according to the documentation for both sp_attach_single_file_db and sp_attach_db, they both need to be used on previously detached databases.
In the current situation I definitely can't get sysadmin privileges to execute the sp_detach_db stored procedure.

Any ideas on reattaching undetached databases?
0
 

Expert Comment

by:CleanupPing
ID: 9275644
tommyh:
This old question needs to be finalized -- accept an answer, split points, or get a refund.  For information on your options, please click here-> http:/help/closing.jsp#1 
EXPERTS:
Post your closing recommendations!  No comment means you don't care.
0

Question has a verified solution.