Need to view the username and password a program is using to access a sql database

Hey there, I had one of my team members compile a custome installer for a reporting program that accesses a SQL database.  My team member is gone now and we had an issue with the sql server needing to be reloaded.

We have access to the DB through the manager and know the SA password.

We know the SQL user account being used to query the database (is shows up in the event viewer log as logon filed for user 'username') when the application is run and trying to connect to the database.

How can we find out the PW the compiled program is trying to use so we can change the sql password for the user?

Is there anyway to sniff or is there an app withing the sql2005 tools to monitor usernames and passwords being used by incoming connections?

bcameron70Asked:
Who is Participating?
 
imitchieConnect With a Mentor Commented:
I never had problems with ethereal, and it doesn't matter whether it's 2000/2005, because it's the client providing the info.. I can't think of anything else except maybe you have misused some settings. Try Omnipeek if that's easier to use
0
 
imitchieCommented:
For security purposes, password fields are not recorded anywhere. You should simply reset the password using sp_password. You don't have to know the old password
0
 
imitchieCommented:
I see where you're coming from. Please have a look at this Ppt, which contains a link to another Ppt.
http://www.sqldbatips.com/presentations/REALLY_HACKING_SQL.ppt
If that is too hard, just get
http://www.downloadjunction.com/product/store/4329/index.html
0
Cloud Class® Course: Ruby Fundamentals

This course will introduce you to Ruby, as well as teach you about classes, methods, variables, data structures, loops, enumerable methods, and finishing touches.

 
bcameron70Author Commented:
I have the SP password, I am trying to reverse-engineer the dbase connection by finding out what the application is throwing at the dbase for a password so I can make the dbase password match.

The program was compiled and my guy who had done it is gone, so I am trying to avoid re-compiling the program is possible.
0
 
bcameron70Author Commented:
just saw your update after posting my reply, looks like you got yours in first, I'll be back in a few to try, thank you
0
 
bcameron70Author Commented:
Ive tried the utility to see if it catches and nothing comes across.  I tried logging into another machine on the network to pass through but no luck.

I tried ethereal jsut in case, but I do not see anything passing of relevance.

Any other thoughts?
0
 
bcameron70Author Commented:
I'll give omnipeek a shot.

Ethereal has been very successful in the past for me, I did not see any passwords traversing as mentioned in the ppt link you sent.  Maybe I just have an untrained eye.

0
 
bcameron70Author Commented:
Thank you for your effort on this, I ended up allowing all the sql permissions to the user and then opened up the linked tabled and applying another password which seemed to work.

Thank you again
0
 
bcameron70Author Commented:
Wanted to award points for trying
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.