Still celebrating National IT Professionals Day with 3 months of free Premium Membership. Use Code ITDAY17

x
?
Solved

SQL 2005 password recovery

Posted on 2009-04-09
6
Medium Priority
?
3,264 Views
Last Modified: 2012-05-06
Hi,
I have forgotten the sa password in SQL 2005, any free utility to reveal the password for this, I  do not wish to change the password as it would be pain to change everywhere in the scheduling and application which i wish to avoid. I am able to login with windows authentication but i need the sa password.

regards
syinfra
0
Comment
Question by:syinfra
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
6 Comments
 
LVL 16

Accepted Solution

by:
Carol Chisholm earned 300 total points
ID: 24105237
0
 
LVL 12

Assisted Solution

by:Dimitris
Dimitris earned 300 total points
ID: 24105259
You have said that several applications are using the sa account.
If Yes then retrieve the password from that applications
If no then there is no problem to change the sa password because no application use it. The schedule tasks in SQL Agent are not requiring the run user password (sa) so changing the password will not have any affect
Also maintenance plans etc also ate triggered through SQL Agent, so no problem again.

Only the applications will have a problem if you can't retrieve the password from them.
But it is not a good practice to allow applications accessing SQL server with sa privileges. I would suggest to change the applications user also in order to minimize the security risk.

Also I don't think that a utility of retrieving SQL sa pwd exists, the algorithm is one-way and you can't from the hash password to get the initial value...

Hope that i could help you.
Regards
0
 
LVL 11

Assisted Solution

by:bmatumbura
bmatumbura earned 300 total points
ID: 24105336
0
Concerto Cloud for Software Providers & ISVs

Can Concerto Cloud Services help you focus on evolving your application offerings, while delivering the best cloud experience to your customers? From DevOps to revenue models and customer support, the answer is yes!

Learn how Concerto can help you.

 
LVL 20

Assisted Solution

by:Marten Rune
Marten Rune earned 600 total points
ID: 24106068
Listen to dankangr or you will most probably end up with virus in your production.

If you need to 'get' the SA pwd, then stop one of the applicatons that relies on SA (witch is a really poor design by the way), now sniff your SQL network interface alternatively the application servers network, then start the application and bingo, you have the password.

There is no breaking SQL2005 passwords that I know of.

/Marten
0
 

Author Comment

by:syinfra
ID: 24130173
Hi,
How can i retrieve the password by sniff , which is the suitable sniffer for such activity.

regards
syinfra
0
 
LVL 20

Assisted Solution

by:Marten Rune
Marten Rune earned 600 total points
ID: 24131368
Microsoft has a network monitor, or there is wireshark.
The password is obfuscated, read: http://www.nextgenss.com/papers/tp-SQL2000.pdf

I believe the same 'encryption' is used in sql2005.

Personally I would change it, best practice is to change it frequently. You should not be forced to have a specific SA password ever. Then there is something wrong with the design.
 
/Marten
0

Featured Post

Veeam Disaster Recovery in Microsoft Azure

Veeam PN for Microsoft Azure is a FREE solution designed to simplify and automate the setup of a DR site in Microsoft Azure using lightweight software-defined networking. It reduces the complexity of VPN deployments and is designed for businesses of ALL sizes.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

In this article I will describe the Backup & Restore method as one possible migration process and I will add the extra tasks needed for an upgrade when and where is applied so it will cover all.
This article explains how to reset the password of the sa account on a Microsoft SQL Server.  The steps in this article work in SQL 2005, 2008, 2008 R2, 2012, 2014 and 2016.
In this brief tutorial Pawel from AdRem Software explains how you can quickly find out which services are running on your network, or what are the IP addresses of servers responsible for each service. Software used is freeware NetCrunch Tools (https…
Want to learn how to record your desktop screen without having to use an outside camera. Click on this video and learn how to use the cool google extension called "Screencastify"! Step 1: Open a new google tab Step 2: Go to the left hand upper corn…

721 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question