Sqlserver-dba.com - SQL Server support and SQL Server Performance Tuning
    SQL Server DBA:Everything | DBA Scripts | Powershell Scripts | DBA checklists | SQL Antipattern | Wait Stats | SQL Server Performance Tuning

Search sqlserver-dba.com

Follow sqlserver-dba.com

Subscribe to RSS feed  Follow @jackvamvas - Twitter

*Use the Comments section for questions

SQLServer-DBA.com Links

Dba_db2_button

dba-ninja.com

Recent Posts

SQL Server DBA Jobs

How to crack the SQL Login password from sys.syslogins

03 February,2015 by Tom Collins

A fellow DBA forgot the password for a SQL login and hadn’t lodged the password in the Password vault. One option was to change the SQL login but as the SQL Server instance supported  Production applications , it was important to maintain uptime , he didn’t want to ask the application owners to modify the password on the connection strings. He’d use this method as a last resort

He requested if I knew how to crack the SQL login password. There a number of methods to crack passwords. Methods employed by hackers are used to break into SQL Servers , particularly if the sa password is NULL or is a weak password. More about the dangers of weak passwords,10 million passwords unmasked

A typical method is to Brute Force the login password with common list of passwords. There are plenty of lists involved. Once the sa password is cracked , it doesn’t take much to take control of xp_cmdshell, and then it’s party time!

This method gave me an idea. I mentioned to the DBA the possibility of comparing the password encoded values with some “potential” passwords he may have set up, Such as common patterns.

He could use some password options and employ the pwdcompare function. 

How to use  pwdcompare and find the  SQL login password.

If the password attempt matches a password in sys.syslogins , the username is returned.

 

SELECT name FROM sys.syslogins
WHERE pwdcompare('my_password', password) = 1


Read More securing SQL Server and protection against hackers

Find Weak passwords in SQL Server - SQL Server DBA

Database Security Countermeasures against hacker attacks - SQL ...

SQL Server Security Policy - SQL Server DBA


Author: Tom Collins (http://www.sqlserver-dba.com)


Share:

Posted by Tom Collins at 11:42 AM in Security Management | Permalink | Comments (2)

Searches: , , , ,

The method described for this topic is useless as the dba has most likely tried all possible SQL password combinations against the database. This is not cracking anything, simply comparing 'known passwords' against a SQL user.

*Unless the dba has a password list too long to attempt authenticating 1 by 1..

Posted by: na | Mar 19, 2015 12:09:56 PM

na, Password cracking is done by either repeatedly guessing the password, usually through a computer algorithm in which the computer tries numerous combinations until the password is successfully discovered.
It wouldn't take much work to iterate through a list of password lists - and execute the pwdcompare function.
There are plenty of password lists available on the internet

Posted by: Jack Vamvas | Mar 20, 2015 6:08:08 AM

Verify your Comment

Previewing your Comment

Posted by: |

This is only a preview. Your comment has not yet been posted.

Working...
Your comment could not be posted. Error type:
Your comment has been posted. Post another comment

The letters and numbers you entered did not match the image. Please try again.

As a final step before posting your comment, enter the letters and numbers you see in the image below. This prevents automated programs from posting comments.

Having trouble reading this image? View an alternate.

Working...

Post a comment on How to crack the SQL Login password from sys.syslogins

sqlserver-dba.com | SQL Server Performance Tuning | SQL Server DBA:Everything | FAQ | Contact|Copyright & Disclaimer