Click here to Skip to main content
12,244,322 members (43,337 online)
Click here to Skip to main content
Add your own
alternative version

Stats

440.7K views
22.6K downloads
63 bookmarked
Posted

Retrieve SQL Server Password

, 5 Oct 2006 CPOL
Rate this:
Please Sign up or sign in to vote.
This tool is used to retrieve the forgotten SQL Server Password and passwords of registered servers.
Sample Image - SQLServerPasswords.jpg

Introduction

This tool is used to retrieve the forgotten SQL Server Password. SQL Server creates the user's password hash, which is stored in the master database (sysxlogins).The user's password is converted to Unicode with the salt tacked on the end, and this is used to produce a hash with SHA 1. The same salt is added to the password when a user attempts to log in, and the resulting hash is compared to the one on record. If they match, access is granted. The hash is produced twice, against the case-sensitive password and again against the uppercase form. The uppercase 'version' is obviously a good deal easier to crack; and once we know it, finding the case-sensitive version is child's play. Indeed, there's little point in using case-sensitive passwords on your system if the crypto scheme is going to create hashes from the uppercase version, using the same salt, and then store them. Case-sensitive passwords are an improvement only so long as we're kept in the dark about their uppercase companions.
This uses Brute- force algorithm to attach SQL Server Password. Clearly Complex and long password may take few days to retrieve.

Registered Servers

Password and login ID of a registered SQL Server user in Enterprise Manager for SQL Server can be easily retrieved using SQL DMO (Distributed Management Object). Create file SQLPasswords.vbs and open it in Notepad. Add the following code and save it:

Dim pApplication
Set pApplication = CreateObject("SQLDMO.Application")
Call EnumGroups(pApplication.ServerGroups)

Sub EnumGroups(ByVal pGroups)
    Dim pServerGroup
    Dim pRegServer
    
    For Each pServerGroup In pGroups
        If pServerGroup.RegisteredServers.Count > 0 Then
     Msgbox "Group :" &  pServerGroup.Name
            For Each pRegServer In pServerGroup.RegisteredServers
                Msgbox "Name:" & pRegServer.Name
                Msgbox "Login:" & pRegServer.Login
                Msgbox "Password:" & pRegServer.Password
            Next
        End If
        If pServerGroup.ServerGroups.Count > 0 Then
            Call EnumGroups(pServerGroup.ServerGroups)
        End If
    Next
    
End Sub

Run the script and this will retrieve the passwords of registered servers using your account. If the 'Always prompt for login name and password' checkbox is not set when registering a SQL Server, the login ID and password is weakly encrypted and stored in the following registry key: HKEY_CURRENT_USER\SOFTWARE\Microsoft\MSSQLServer\SQLEW\Registered Server X.

Recommendations

To securely use SQL Server, Microsoft recommends using Windows Integrated Security. In Windows Integrated Security mode, passwords are never stored as your Windows Domain sign-on is used as the security identifier to the database server.

History

  • 5th October, 2006: Initial post

License

This article, along with any associated source code and files, is licensed under The Code Project Open License (CPOL)

Share

About the Author


You may also be interested in...

Comments and Discussions

 
SuggestionMessage Automatically Removed Pin
28-Feb-14 22:29
memberfaisael28-Feb-14 22:29 
SuggestionMessage Automatically Removed Pin
28-Feb-14 1:24
memberburrowslincoln28-Feb-14 1:24 
Question54 characters in hash Pin
boe117-Aug-12 8:47
memberboe117-Aug-12 8:47 
Questionalways say pass is raj Pin
dipan chikani14-Jun-12 20:36
memberdipan chikani14-Jun-12 20:36 
GeneralMy vote of 3 Pin
mirajvsen28-Sep-11 2:18
membermirajvsen28-Sep-11 2:18 
GeneralMy vote of 1 Pin
M Saqib Ali4-Aug-11 22:50
memberM Saqib Ali4-Aug-11 22:50 
Generaloutput in some Korean language Pin
yrajudba27-Jul-11 1:06
memberyrajudba27-Jul-11 1:06 
GeneralSQL Server Password Recovery Pin
james842110-May-11 5:38
memberjames842110-May-11 5:38 
GeneralRe: SQL Server Password Recovery Pin
Member 103095551-Oct-13 10:51
memberMember 103095551-Oct-13 10:51 
GeneralRetrieve SQL Server Password Pin
yitiana1-Sep-10 1:11
memberyitiana1-Sep-10 1:11 
GeneralMy vote of 1 Pin
Malleo7-Aug-10 0:40
memberMalleo7-Aug-10 0:40 
GeneralRe: My vote of 1 Pin
yitiana1-Sep-10 1:09
memberyitiana1-Sep-10 1:09 
GeneralRe: My vote of 1 Pin
WiredEarp24-Jul-12 16:40
memberWiredEarp24-Jul-12 16:40 
GeneralNot know what file to use Pin
Malleo7-Aug-10 0:39
memberMalleo7-Aug-10 0:39 
GeneralRe: Not know what file to use Pin
Gary Heath27-Jan-12 1:46
memberGary Heath27-Jan-12 1:46 
GeneralRetrieve SQL Server Password Pin
yitiana21-Jul-10 1:08
memberyitiana21-Jul-10 1:08 
GeneralRe: Retrieve SQL Server Password Pin
WiredEarp24-Jul-12 16:44
memberWiredEarp24-Jul-12 16:44 
Generalnot working with sql server 2005 Pin
pokiri8-Nov-08 4:13
memberpokiri8-Nov-08 4:13 
GeneralDoes this work for SQL 7.0? My password from sysxlogins is only 34 chars long Pin
wsiler16-Apr-08 11:52
memberwsiler16-Apr-08 11:52 
GeneralNo connection at ALL Pin
AWebDude20-Oct-06 6:50
memberAWebDude20-Oct-06 6:50 
QuestionHow to create stong passwords Pin
Rajneesh Noonia15-Oct-06 23:15
memberRajneesh Noonia15-Oct-06 23:15 
GeneralIts not that easy Pin
fbachan9-Oct-06 21:34
memberfbachan9-Oct-06 21:34 
GeneralRe: Its not that easy Pin
Rajneesh Noonia9-Oct-06 21:40
memberRajneesh Noonia9-Oct-06 21:40 
GeneralRe: Its not that easy Pin
nixze11-Jan-10 6:24
membernixze11-Jan-10 6:24 
GeneralA bit rich Pin
Darka6-Oct-06 2:07
memberDarka6-Oct-06 2:07 

General General    News News    Suggestion Suggestion    Question Question    Bug Bug    Answer Answer    Joke Joke    Praise Praise    Rant Rant    Admin Admin   

Use Ctrl+Left/Right to switch messages, Ctrl+Up/Down to switch threads, Ctrl+Shift+Left/Right to switch pages.

| Advertise | Privacy | Terms of Use | Mobile
Web02 | 2.8.160426.1 | Last Updated 6 Oct 2006
Article Copyright 2006 by Rajneesh Noonia
Everything else Copyright © CodeProject, 1999-2016
Layout: fixed | fluid