Solved

SQL 2005 password recovery

Posted on 2009-04-09
6
3,238 Views
Last Modified: 2012-05-06
Hi,
I have forgotten the sa password in SQL 2005, any free utility to reveal the password for this, I  do not wish to change the password as it would be pain to change everywhere in the scheduling and application which i wish to avoid. I am able to login with windows authentication but i need the sa password.

regards
syinfra
0
Comment
Question by:syinfra
6 Comments
 
LVL 16

Accepted Solution

by:
Carol Chisholm earned 100 total points
Comment Utility
0
 
LVL 12

Assisted Solution

by:Dimitris
Dimitris earned 100 total points
Comment Utility
You have said that several applications are using the sa account.
If Yes then retrieve the password from that applications
If no then there is no problem to change the sa password because no application use it. The schedule tasks in SQL Agent are not requiring the run user password (sa) so changing the password will not have any affect
Also maintenance plans etc also ate triggered through SQL Agent, so no problem again.

Only the applications will have a problem if you can't retrieve the password from them.
But it is not a good practice to allow applications accessing SQL server with sa privileges. I would suggest to change the applications user also in order to minimize the security risk.

Also I don't think that a utility of retrieving SQL sa pwd exists, the algorithm is one-way and you can't from the hash password to get the initial value...

Hope that i could help you.
Regards
0
 
LVL 11

Assisted Solution

by:bmatumbura
bmatumbura earned 100 total points
Comment Utility
0
What Is Threat Intelligence?

Threat intelligence is often discussed, but rarely understood. Starting with a precise definition, along with clear business goals, is essential.

 
LVL 20

Assisted Solution

by:Marten Rune
Marten Rune earned 200 total points
Comment Utility
Listen to dankangr or you will most probably end up with virus in your production.

If you need to 'get' the SA pwd, then stop one of the applicatons that relies on SA (witch is a really poor design by the way), now sniff your SQL network interface alternatively the application servers network, then start the application and bingo, you have the password.

There is no breaking SQL2005 passwords that I know of.

/Marten
0
 

Author Comment

by:syinfra
Comment Utility
Hi,
How can i retrieve the password by sniff , which is the suitable sniffer for such activity.

regards
syinfra
0
 
LVL 20

Assisted Solution

by:Marten Rune
Marten Rune earned 200 total points
Comment Utility
Microsoft has a network monitor, or there is wireshark.
The password is obfuscated, read: http://www.nextgenss.com/papers/tp-SQL2000.pdf

I believe the same 'encryption' is used in sql2005.

Personally I would change it, best practice is to change it frequently. You should not be forced to have a specific SA password ever. Then there is something wrong with the design.
 
/Marten
0

Featured Post

Why You Should Analyze Threat Actor TTPs

After years of analyzing threat actor behavior, it’s become clear that at any given time there are specific tactics, techniques, and procedures (TTPs) that are particularly prevalent. By analyzing and understanding these TTPs, you can dramatically enhance your security program.

Join & Write a Comment

by Mark Wills PIVOT is a great facility and solves many an EAV (Entity - Attribute - Value) type transformation where we need the information held as data within a column to become columns in their own right. Now, in some cases that is relatively…
Use this article to create a batch file to backup a Microsoft SQL Server database to a Windows folder.  The folder can be on the local hard drive or on a network share.  This batch file will query the SQL server to get the current date & time and wi…
Sending a Secure fax is easy with eFax Corporate (http://www.enterprise.efax.com). First, Just open a new email message.  In the To field, type your recipient's fax number @efaxsend.com. You can even send a secure international fax — just include t…
This video explains how to create simple products associated to Magento configurable product and offers fast way of their generation with Store Manager for Magento tool.

762 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

10 Experts available now in Live!

Get 1:1 Help Now