• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 3275
  • Last Modified:

SQL 2005 password recovery

I have forgotten the sa password in SQL 2005, any free utility to reveal the password for this, I  do not wish to change the password as it would be pain to change everywhere in the scheduling and application which i wish to avoid. I am able to login with windows authentication but i need the sa password.

5 Solutions
DimitrisSenior Solution ArchitectCommented:
You have said that several applications are using the sa account.
If Yes then retrieve the password from that applications
If no then there is no problem to change the sa password because no application use it. The schedule tasks in SQL Agent are not requiring the run user password (sa) so changing the password will not have any affect
Also maintenance plans etc also ate triggered through SQL Agent, so no problem again.

Only the applications will have a problem if you can't retrieve the password from them.
But it is not a good practice to allow applications accessing SQL server with sa privileges. I would suggest to change the applications user also in order to minimize the security risk.

Also I don't think that a utility of retrieving SQL sa pwd exists, the algorithm is one-way and you can't from the hash password to get the initial value...

Hope that i could help you.
Free Tool: IP Lookup

Get more info about an IP address or domain name, such as organization, abuse contacts and geolocation.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

Marten RuneSQL Expert/Infrastructure ArchitectCommented:
Listen to dankangr or you will most probably end up with virus in your production.

If you need to 'get' the SA pwd, then stop one of the applicatons that relies on SA (witch is a really poor design by the way), now sniff your SQL network interface alternatively the application servers network, then start the application and bingo, you have the password.

There is no breaking SQL2005 passwords that I know of.

syinfraSenior Deputy ManagerAuthor Commented:
How can i retrieve the password by sniff , which is the suitable sniffer for such activity.

Marten RuneSQL Expert/Infrastructure ArchitectCommented:
Microsoft has a network monitor, or there is wireshark.
The password is obfuscated, read: http://www.nextgenss.com/papers/tp-SQL2000.pdf

I believe the same 'encryption' is used in sql2005.

Personally I would change it, best practice is to change it frequently. You should not be forced to have a specific SA password ever. Then there is something wrong with the design.
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

Join & Write a Comment

Featured Post

Free Tool: Subnet Calculator

The subnet calculator helps you design networks by taking an IP address and network mask and returning information such as network, broadcast address, and host range.

One of a set of tools we're offering as a way of saying thank you for being a part of the community.

Tackle projects and never again get stuck behind a technical roadblock.
Join Now