Click here to Skip to main content
Click here to Skip to main content

Retrieve SQL Server Password

By , 5 Oct 2006
Rate this:
Please Sign up or sign in to vote.
Sample Image - SQLServerPasswords.jpg

Introduction

This tool is used to retrieve the forgotten SQL Server Password. SQL Server creates the user's password hash, which is stored in the master database (sysxlogins).The user's password is converted to Unicode with the salt tacked on the end, and this is used to produce a hash with SHA 1. The same salt is added to the password when a user attempts to log in, and the resulting hash is compared to the one on record. If they match, access is granted. The hash is produced twice, against the case-sensitive password and again against the uppercase form. The uppercase 'version' is obviously a good deal easier to crack; and once we know it, finding the case-sensitive version is child's play. Indeed, there's little point in using case-sensitive passwords on your system if the crypto scheme is going to create hashes from the uppercase version, using the same salt, and then store them. Case-sensitive passwords are an improvement only so long as we're kept in the dark about their uppercase companions.
This uses Brute- force algorithm to attach SQL Server Password. Clearly Complex and long password may take few days to retrieve.

Registered Servers

Password and login ID of a registered SQL Server user in Enterprise Manager for SQL Server can be easily retrieved using SQL DMO (Distributed Management Object). Create file SQLPasswords.vbs and open it in Notepad. Add the following code and save it:

Dim pApplication
Set pApplication = CreateObject("SQLDMO.Application")
Call EnumGroups(pApplication.ServerGroups)

Sub EnumGroups(ByVal pGroups)
    Dim pServerGroup
    Dim pRegServer
    
    For Each pServerGroup In pGroups
        If pServerGroup.RegisteredServers.Count > 0 Then
     Msgbox "Group :" &  pServerGroup.Name
            For Each pRegServer In pServerGroup.RegisteredServers
                Msgbox "Name:" & pRegServer.Name
                Msgbox "Login:" & pRegServer.Login
                Msgbox "Password:" & pRegServer.Password
            Next
        End If
        If pServerGroup.ServerGroups.Count > 0 Then
            Call EnumGroups(pServerGroup.ServerGroups)
        End If
    Next
    
End Sub

Run the script and this will retrieve the passwords of registered servers using your account. If the 'Always prompt for login name and password' checkbox is not set when registering a SQL Server, the login ID and password is weakly encrypted and stored in the following registry key: HKEY_CURRENT_USER\SOFTWARE\Microsoft\MSSQLServer\SQLEW\Registered Server X.

Recommendations

To securely use SQL Server, Microsoft recommends using Windows Integrated Security. In Windows Integrated Security mode, passwords are never stored as your Windows Domain sign-on is used as the security identifier to the database server.

History

  • 5th October, 2006: Initial post

License

This article, along with any associated source code and files, is licensed under The Code Project Open License (CPOL)

About the Author


Comments and Discussions

 
SuggestionPerform Triumphant SQL Password Recovery Pinmemberfaisael28-Feb-14 21:29 
SuggestionRecover SQL Password with Ease Pinmemberburrowslincoln28-Feb-14 0:24 
Question54 characters in hash Pinmemberboe117-Aug-12 7:47 
Questionalways say pass is raj Pinmemberdipan chikani14-Jun-12 19:36 
GeneralMy vote of 3 Pinmembermirajvsen28-Sep-11 1:18 
GeneralMy vote of 1 PinmemberM Saqib Ali4-Aug-11 21:50 
Generaloutput in some Korean language Pinmemberyrajudba27-Jul-11 0:06 
GeneralSQL Server Password Recovery Pinmemberjames842110-May-11 4:38 
GeneralRe: SQL Server Password Recovery PinmemberMember 103095551-Oct-13 9:51 
GeneralRetrieve SQL Server Password Pinmemberyitiana1-Sep-10 0:11 
GeneralMy vote of 1 PinmemberMalleo6-Aug-10 23:40 
GeneralRe: My vote of 1 Pinmemberyitiana1-Sep-10 0:09 
GeneralRe: My vote of 1 PinmemberWiredEarp24-Jul-12 15:40 
GeneralNot know what file to use PinmemberMalleo6-Aug-10 23:39 
GeneralRe: Not know what file to use PinmemberGary Heath27-Jan-12 0:46 
GeneralRetrieve SQL Server Password Pinmemberyitiana21-Jul-10 0:08 
GeneralRe: Retrieve SQL Server Password PinmemberWiredEarp24-Jul-12 15:44 
Generalnot working with sql server 2005 Pinmemberpokiri8-Nov-08 3:13 
GeneralDoes this work for SQL 7.0? My password from sysxlogins is only 34 chars long Pinmemberwsiler16-Apr-08 10:52 
GeneralNo connection at ALL PinmemberAWebDude20-Oct-06 5:50 
QuestionHow to create stong passwords PinmemberRajneesh Noonia15-Oct-06 22:15 
GeneralIts not that easy Pinmemberfbachan9-Oct-06 20:34 
GeneralRe: Its not that easy PinmemberRajneesh Noonia9-Oct-06 20:40 
GeneralRe: Its not that easy Pinmembernixze11-Jan-10 5:24 
GeneralA bit rich PinmemberDarka6-Oct-06 1:07 

General General    News News    Suggestion Suggestion    Question Question    Bug Bug    Answer Answer    Joke Joke    Rant Rant    Admin Admin   

Use Ctrl+Left/Right to switch messages, Ctrl+Up/Down to switch threads, Ctrl+Shift+Left/Right to switch pages.

| Advertise | Privacy | Mobile
Web01 | 2.8.140415.2 | Last Updated 6 Oct 2006
Article Copyright 2006 by Rajneesh Noonia
Everything else Copyright © CodeProject, 1999-2014
Terms of Use
Layout: fixed | fluid