Solved

Loging (hacking) into SQL Server

Posted on 2010-09-13
11
537 Views
Last Modified: 2012-08-13
If you have the ability to login to a Windows server where a SQL 2008 instance is installed, do you inherently have the ability to login to the SQL server also?  Is there a way to hack into the SQL instance (if you lose the SA password, for example)?

0
Comment
Question by:DrLechter
  • 4
  • 4
  • 3
11 Comments
 
LVL 60

Expert Comment

by:chapmandew
ID: 33665997
Depends.  By default, yes.  If the DBA has any know-how, then no.
0
 
LVL 4

Author Comment

by:DrLechter
ID: 33666043
How would you do it, exactly?
0
 
LVL 60

Expert Comment

by:chapmandew
ID: 33666060
So, if you're an admin on the machine that SQL server is installed, there is a possibility that youre able to log into sql through windows administration.
0
 
LVL 39

Expert Comment

by:BrandonGalderisi
ID: 33666114
Unless of course the local admin group was denied permissions.  But, if I recall correctly, you start SQL from the command line in single user mode, it will always startup with the local admin group having SA privileges.
0
 
LVL 4

Author Comment

by:DrLechter
ID: 33666177
This is just a default SQL 2008 instance.  No one has done anything special to it.  We lost the sa password.  We can still login to the Windows server, but we cannot get into the SQL server via SSMS.  If there is another way to get in, would you please give detailed procedure?
0
What Should I Do With This Threat Intelligence?

Are you wondering if you actually need threat intelligence? The answer is yes. We explain the basics for creating useful threat intelligence.

 
LVL 60

Expert Comment

by:chapmandew
ID: 33666192
Are you an admin on the physical server (the builtin\administrators group)?
0
 
LVL 39

Expert Comment

by:BrandonGalderisi
ID: 33666197
Use windows authentication to attach to the SQL Server as a user that has windows administrative privileges.  That will log you in with sysAdmin privileges.  From there, you can change the SA password.
0
 
LVL 4

Author Comment

by:DrLechter
ID: 33666229
yes
0
 
LVL 60

Expert Comment

by:chapmandew
ID: 33666243
Have you tried to log into the instance using windows authentication?
0
 
LVL 4

Author Comment

by:DrLechter
ID: 33666346
I am a local admin on the Windows box.  However, I cannot get into the SQL server via SSMS / Windows Authentication.  SQL is denying me access.  Do local Windows Admins have default access to SQL under SQL 2008?
0
 
LVL 39

Accepted Solution

by:
BrandonGalderisi earned 500 total points
ID: 33666396
Yes, unless builtin\administrators has been removed as chapmandew stated.  The following page will show you how to start SQL from the command line.

http://msdn.microsoft.com/en-us/library/ms180965.aspx

If you start it in single user mode, you should be able to attach as a windows admin with SA privileges.
0

Featured Post

Top 6 Sources for Identifying Threat Actor TTPs

Understanding your enemy is essential. These six sources will help you identify the most popular threat actor tactics, techniques, and procedures (TTPs).

Join & Write a Comment

Suggested Solutions

Title # Comments Views Activity
Truncate vs Delete 63 90
SQL Server RDS clr assembly 4 37
SQL server 2008 SP4 29 34
Database Containment - Benefits 6 26
I have written a PowerShell script to "walk" the security structure of each SQL instance to find:         Each Login (Windows or SQL)             * Its Server Roles             * Every database to which the login is mapped             * The associated "Database User" for this …
In this article I will describe the Detach & Attach method as one possible migration process and I will add the extra tasks needed for an upgrade when and where is applied so it will cover all.
Excel styles will make formatting consistent and let you apply and change formatting faster. In this tutorial, you'll learn how to use Excel's built-in styles, how to modify styles, and how to create your own. You'll also learn how to use your custo…
Access reports are powerful and flexible. Learn how to create a query and then a grouped report using the wizard. Modify the report design after the wizard is done to make it look better. There will be another video to explain how to put the final p…

746 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

15 Experts available now in Live!

Get 1:1 Help Now