Want to protect your cyber security and still get fast solutions? Ask a secure question today.Go Premium

x
?
Solved

SQL 2005 password recovery

Posted on 2009-04-09
6
Medium Priority
?
3,272 Views
Last Modified: 2012-05-06
Hi,
I have forgotten the sa password in SQL 2005, any free utility to reveal the password for this, I  do not wish to change the password as it would be pain to change everywhere in the scheduling and application which i wish to avoid. I am able to login with windows authentication but i need the sa password.

regards
syinfra
0
Comment
Question by:syinfra
6 Comments
 
LVL 16

Accepted Solution

by:
Carol Chisholm earned 300 total points
ID: 24105237
0
 
LVL 12

Assisted Solution

by:Dimitris
Dimitris earned 300 total points
ID: 24105259
You have said that several applications are using the sa account.
If Yes then retrieve the password from that applications
If no then there is no problem to change the sa password because no application use it. The schedule tasks in SQL Agent are not requiring the run user password (sa) so changing the password will not have any affect
Also maintenance plans etc also ate triggered through SQL Agent, so no problem again.

Only the applications will have a problem if you can't retrieve the password from them.
But it is not a good practice to allow applications accessing SQL server with sa privileges. I would suggest to change the applications user also in order to minimize the security risk.

Also I don't think that a utility of retrieving SQL sa pwd exists, the algorithm is one-way and you can't from the hash password to get the initial value...

Hope that i could help you.
Regards
0
 
LVL 11

Assisted Solution

by:bmatumbura
bmatumbura earned 300 total points
ID: 24105336
0
VIDEO: THE CONCERTO CLOUD FOR HEALTHCARE

Modern healthcare requires a modern cloud. View this brief video to understand how the Concerto Cloud for Healthcare can help your organization.

 
LVL 20

Assisted Solution

by:Marten Rune
Marten Rune earned 600 total points
ID: 24106068
Listen to dankangr or you will most probably end up with virus in your production.

If you need to 'get' the SA pwd, then stop one of the applicatons that relies on SA (witch is a really poor design by the way), now sniff your SQL network interface alternatively the application servers network, then start the application and bingo, you have the password.

There is no breaking SQL2005 passwords that I know of.

/Marten
0
 

Author Comment

by:syinfra
ID: 24130173
Hi,
How can i retrieve the password by sniff , which is the suitable sniffer for such activity.

regards
syinfra
0
 
LVL 20

Assisted Solution

by:Marten Rune
Marten Rune earned 600 total points
ID: 24131368
Microsoft has a network monitor, or there is wireshark.
The password is obfuscated, read: http://www.nextgenss.com/papers/tp-SQL2000.pdf

I believe the same 'encryption' is used in sql2005.

Personally I would change it, best practice is to change it frequently. You should not be forced to have a specific SA password ever. Then there is something wrong with the design.
 
/Marten
0

Featured Post

Configuration Guide and Best Practices

Read the guide to learn how to orchestrate Data ONTAP, create application-consistent backups and enable fast recovery from NetApp storage snapshots. Version 9.5 also contains performance and scalability enhancements to meet the needs of the largest enterprise environments.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Recently, when I was asked to create a new SQL 2005 cluster, Microsoft released a new service pack for MS SQL 2005 what is Service Pack 3. When I finished the installation of MS SQL 2005 I found myself troubled why the installation of SP3 failed …
This article explains how to reset the password of the sa account on a Microsoft SQL Server.  The steps in this article work in SQL 2005, 2008, 2008 R2, 2012, 2014 and 2016.
Loops Section Overview
Screencast - Getting to Know the Pipeline

577 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question