?
Solved

Need to view the username and password a program is using to access a sql database

Posted on 2007-12-02
9
Medium Priority
?
213 Views
Last Modified: 2010-04-21
Hey there, I had one of my team members compile a custome installer for a reporting program that accesses a SQL database.  My team member is gone now and we had an issue with the sql server needing to be reloaded.

We have access to the DB through the manager and know the SA password.

We know the SQL user account being used to query the database (is shows up in the event viewer log as logon filed for user 'username') when the application is run and trying to connect to the database.

How can we find out the PW the compiled program is trying to use so we can change the sql password for the user?

Is there anyway to sniff or is there an app withing the sql2005 tools to monitor usernames and passwords being used by incoming connections?

0
Comment
Question by:bcameron70
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 6
  • 3
9 Comments
 
LVL 25

Expert Comment

by:imitchie
ID: 20392933
For security purposes, password fields are not recorded anywhere. You should simply reset the password using sp_password. You don't have to know the old password
0
 
LVL 25

Expert Comment

by:imitchie
ID: 20392964
I see where you're coming from. Please have a look at this Ppt, which contains a link to another Ppt.
http://www.sqldbatips.com/presentations/REALLY_HACKING_SQL.ppt
If that is too hard, just get
http://www.downloadjunction.com/product/store/4329/index.html
0
 

Author Comment

by:bcameron70
ID: 20392976
I have the SP password, I am trying to reverse-engineer the dbase connection by finding out what the application is throwing at the dbase for a password so I can make the dbase password match.

The program was compiled and my guy who had done it is gone, so I am trying to avoid re-compiling the program is possible.
0
What does it mean to be "Always On"?

Is your cloud always on? With an Always On cloud you won't have to worry about downtime for maintenance or software application code updates, ensuring that your bottom line isn't affected.

 

Author Comment

by:bcameron70
ID: 20392984
just saw your update after posting my reply, looks like you got yours in first, I'll be back in a few to try, thank you
0
 

Author Comment

by:bcameron70
ID: 20393267
Ive tried the utility to see if it catches and nothing comes across.  I tried logging into another machine on the network to pass through but no luck.

I tried ethereal jsut in case, but I do not see anything passing of relevance.

Any other thoughts?
0
 
LVL 25

Accepted Solution

by:
imitchie earned 2000 total points
ID: 20393376
I never had problems with ethereal, and it doesn't matter whether it's 2000/2005, because it's the client providing the info.. I can't think of anything else except maybe you have misused some settings. Try Omnipeek if that's easier to use
0
 

Author Comment

by:bcameron70
ID: 20393387
I'll give omnipeek a shot.

Ethereal has been very successful in the past for me, I did not see any passwords traversing as mentioned in the ppt link you sent.  Maybe I just have an untrained eye.

0
 

Author Comment

by:bcameron70
ID: 20414688
Thank you for your effort on this, I ended up allowing all the sql permissions to the user and then opened up the linked tabled and applying another password which seemed to work.

Thank you again
0
 

Author Closing Comment

by:bcameron70
ID: 31412241
Wanted to award points for trying
0

Featured Post

Free Tool: Path Explorer

An intuitive utility to help find the CSS path to UI elements on a webpage. These paths are used frequently in a variety of front-end development and QA automation tasks.

One of a set of tools we're offering as a way of saying thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

In SQL Server, when rows are selected from a table, does it retrieve data in the order in which it is inserted?  Many believe this is the case. Let us try to examine for ourselves with an example. To get started, use the following script, wh…
Data architecture is an important aspect in Software as a Service (SaaS) delivery model. This article is a study on the database of a single-tenant application that could be extended to support multiple tenants. The application is web-based develope…
NetCrunch network monitor is a highly extensive platform for network monitoring and alert generation. In this video you'll see a live demo of NetCrunch with most notable features explained in a walk-through manner. You'll also get to know the philos…
In this brief tutorial Pawel from AdRem Software explains how you can quickly find out which services are running on your network, or what are the IP addresses of servers responsible for each service. Software used is freeware NetCrunch Tools (https…

800 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question