Go Premium for a chance to win a PS4. Enter to Win

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 550
  • Last Modified:

Loging (hacking) into SQL Server

If you have the ability to login to a Windows server where a SQL 2008 instance is installed, do you inherently have the ability to login to the SQL server also?  Is there a way to hack into the SQL instance (if you lose the SA password, for example)?

0
DrLechter
Asked:
DrLechter
  • 4
  • 4
  • 3
1 Solution
 
chapmandewCommented:
Depends.  By default, yes.  If the DBA has any know-how, then no.
0
 
DrLechterAuthor Commented:
How would you do it, exactly?
0
 
chapmandewCommented:
So, if you're an admin on the machine that SQL server is installed, there is a possibility that youre able to log into sql through windows administration.
0
Get your Disaster Recovery as a Service basics

Disaster Recovery as a Service is one go-to solution that revolutionizes DR planning. Implementing DRaaS could be an efficient process, easily accessible to non-DR experts. Learn about monitoring, testing, executing failovers and failbacks to ensure a "healthy" DR environment.

 
BrandonGalderisiCommented:
Unless of course the local admin group was denied permissions.  But, if I recall correctly, you start SQL from the command line in single user mode, it will always startup with the local admin group having SA privileges.
0
 
DrLechterAuthor Commented:
This is just a default SQL 2008 instance.  No one has done anything special to it.  We lost the sa password.  We can still login to the Windows server, but we cannot get into the SQL server via SSMS.  If there is another way to get in, would you please give detailed procedure?
0
 
chapmandewCommented:
Are you an admin on the physical server (the builtin\administrators group)?
0
 
BrandonGalderisiCommented:
Use windows authentication to attach to the SQL Server as a user that has windows administrative privileges.  That will log you in with sysAdmin privileges.  From there, you can change the SA password.
0
 
DrLechterAuthor Commented:
yes
0
 
chapmandewCommented:
Have you tried to log into the instance using windows authentication?
0
 
DrLechterAuthor Commented:
I am a local admin on the Windows box.  However, I cannot get into the SQL server via SSMS / Windows Authentication.  SQL is denying me access.  Do local Windows Admins have default access to SQL under SQL 2008?
0
 
BrandonGalderisiCommented:
Yes, unless builtin\administrators has been removed as chapmandew stated.  The following page will show you how to start SQL from the command line.

http://msdn.microsoft.com/en-us/library/ms180965.aspx

If you start it in single user mode, you should be able to attach as a windows admin with SA privileges.
0

Featured Post

Free Tool: ZipGrep

ZipGrep is a utility that can list and search zip (.war, .ear, .jar, etc) archives for text patterns, without the need to extract the archive's contents.

One of a set of tools we're offering as a way to say thank you for being a part of the community.

  • 4
  • 4
  • 3
Tackle projects and never again get stuck behind a technical roadblock.
Join Now