Still celebrating National IT Professionals Day with 3 months of free Premium Membership. Use Code ITDAY17

x
?
Solved

Loging (hacking) into SQL Server

Posted on 2010-09-13
11
Medium Priority
?
548 Views
Last Modified: 2012-08-13
If you have the ability to login to a Windows server where a SQL 2008 instance is installed, do you inherently have the ability to login to the SQL server also?  Is there a way to hack into the SQL instance (if you lose the SA password, for example)?

0
Comment
Question by:DrLechter
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 4
  • 4
  • 3
11 Comments
 
LVL 60

Expert Comment

by:chapmandew
ID: 33665997
Depends.  By default, yes.  If the DBA has any know-how, then no.
0
 
LVL 4

Author Comment

by:DrLechter
ID: 33666043
How would you do it, exactly?
0
 
LVL 60

Expert Comment

by:chapmandew
ID: 33666060
So, if you're an admin on the machine that SQL server is installed, there is a possibility that youre able to log into sql through windows administration.
0
Use Case: Protecting a Hybrid Cloud Infrastructure

Microsoft Azure is rapidly becoming the norm in dynamic IT environments. This document describes the challenges that organizations face when protecting data in a hybrid cloud IT environment and presents a use case to demonstrate how Acronis Backup protects all data.

 
LVL 39

Expert Comment

by:BrandonGalderisi
ID: 33666114
Unless of course the local admin group was denied permissions.  But, if I recall correctly, you start SQL from the command line in single user mode, it will always startup with the local admin group having SA privileges.
0
 
LVL 4

Author Comment

by:DrLechter
ID: 33666177
This is just a default SQL 2008 instance.  No one has done anything special to it.  We lost the sa password.  We can still login to the Windows server, but we cannot get into the SQL server via SSMS.  If there is another way to get in, would you please give detailed procedure?
0
 
LVL 60

Expert Comment

by:chapmandew
ID: 33666192
Are you an admin on the physical server (the builtin\administrators group)?
0
 
LVL 39

Expert Comment

by:BrandonGalderisi
ID: 33666197
Use windows authentication to attach to the SQL Server as a user that has windows administrative privileges.  That will log you in with sysAdmin privileges.  From there, you can change the SA password.
0
 
LVL 4

Author Comment

by:DrLechter
ID: 33666229
yes
0
 
LVL 60

Expert Comment

by:chapmandew
ID: 33666243
Have you tried to log into the instance using windows authentication?
0
 
LVL 4

Author Comment

by:DrLechter
ID: 33666346
I am a local admin on the Windows box.  However, I cannot get into the SQL server via SSMS / Windows Authentication.  SQL is denying me access.  Do local Windows Admins have default access to SQL under SQL 2008?
0
 
LVL 39

Accepted Solution

by:
BrandonGalderisi earned 2000 total points
ID: 33666396
Yes, unless builtin\administrators has been removed as chapmandew stated.  The following page will show you how to start SQL from the command line.

http://msdn.microsoft.com/en-us/library/ms180965.aspx

If you start it in single user mode, you should be able to attach as a windows admin with SA privileges.
0

Featured Post

NFR key for Veeam Agent for Linux

Veeam is happy to provide a free NFR license for one year.  It allows for the non‑production use and valid for five workstations and two servers. Veeam Agent for Linux is a simple backup tool for your Linux installations, both on‑premises and in the public cloud.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Hi all, It is important and often overlooked to understand “Database properties”. Often we see questions about "log files" or "where is the database" and one of the easiest ways to get general information about your database is to use “Database p…
Occasionally there is a need to clean table columns, especially if you have inherited legacy data. There are obviously many ways to accomplish that, including elaborate UPDATE queries with anywhere from one to numerous REPLACE functions (even within…
Add bar graphs to Access queries using Unicode block characters. Graphs appear on every record in the color you want. Give life to numbers. Hopes this gives you ideas on visualizing your data in new ways ~ Create a calculated field in a query: …
We’ve all felt that sense of false security before—locking down external access to a database or component and feeling like we’ve done all we need to do to secure company data. But that feeling is fleeting. Attacks these days can happen in many w…

721 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question