THE SQL Server Blog Spot on the Web

Welcome to - The SQL Server blog spot on the web Sign in | |
in Search

Argenis Fernandez

On the Topic of Lost SA Passwords on SQL Server 2000…

This blog has moved! You can find this content at the following new location:

Published Friday, January 20, 2012 12:42 AM by Argenis

Comment Notification

If you would like to receive an email when updates are made to this post, please register here

Subscribe to this post's comments using RSS



John said:

Is there a way of doing something similar for newer versions of SQL Server? There are plenty of posts explaining how to reset it to something you know or gain access to an instance you are locked out of, but nothing explaining how to tell you what it is.

January 21, 2012 2:18 PM

Argenis said:

@John no, I'm not aware of any means to do that. The SA password is kept in encrypted blobs in newer versions, in a way that I am not familiar with.

You can definitely capture the password from memory if it has been reset very recently though. But it's very short lived.

January 22, 2012 4:26 AM

K. Brian Kelley said:

@John, for 2005+, in memory or by brute force. You can export it, but I've not seen anyone figure out any weaknesses in the hash like with 2000 (where an all uppercase version of the password was hashed and included, thereby reducing the # of possibilities per slot and making brute forcing quicker). The reason this is important is that, unlike Windows, the SQL Server based logins contain a salt, thereby eliminating rainbow tables.

2000 (and 7) is also susceptible to intercept across the network by looking at a packet trace if the sa account is used and the connection isn't encrypted.

February 14, 2012 9:45 PM

Nice job! said:

Congrats for your explanation.

However, please tell me if you see anything wrong in the way I´m trying to do so:

1) from my windows, I log on a sqlserver 2000 8.0.2039 ap4. Say the user is server is myserve and user is john

2) once logged, I procdump -ma sqlservr.exe (always from my windows box)

3) then I string it as in your exemple.

4) then I try to search for myserverjohn, myserver and john and get no results.

Thanks a lot,


May 20, 2013 9:56 AM

Argenis said:


I unfortunately don't have a test rig for this blog post anymore - I guess I'd have to ask: was there a session established to the server under the "john" login? Also, is the "myserve" a typo in your comment?

May 29, 2013 6:01 PM

Argenis said:

Please note that I cannot vouch for any products or technologies mentioned here. Use at your own risk.

February 26, 2014 11:52 AM

aescart1 said:


this helped me a lot ! Brilliant, I was really stuck without that !

October 7, 2014 4:45 PM

Guy R said:

Thanks for this .. 10 year old system .. password lost in the mists of time ... time to upgrade and no SA password to be found .. bugger.

November 24, 2014 5:45 PM

Leave a Comment

Privacy Statement