ThrillKill
Aug 20 2003, 10:52 AM
hey there, been doing some reading i know its possible to get SQL password hashs from machine but you need 'sa' right or simpler,
question is if person has access to the machine remotely with Windows password is it possible to get SQL password ?
Guenter
Aug 20 2003, 11:28 AM
to read the password hash you must be dbo (sa) ther is no other easy way to do this. anyway if you have a account (low priv.) in the database you can use some of the extented storaged procedures to get full controll (sp_exe..) everone have per default the execute right on this proc. and it run under the permission of the dbo (so everone can read the password hash). for the windows administrator more possib. exist.
sorry for my bad english
guenter
ThrillKill
Aug 20 2003, 10:11 PM
yeh already know how to get the hashs and stuff main question was if its possible to get the hashs without having SQL password oh well guess not
T3cHn0b0y
Aug 21 2003, 09:27 PM
Just locate the master database! Open it with a text editor, find the sysxlogins table and use whatever methods u were to crack the hashes from there.
krackatoa
Aug 25 2003, 02:11 AM
xfocus has a windows sql password sniffer.
This is a "lo-fi" version of our main content. To view the full version with more information, formatting and images, please
click here.
