On the Topic of Lost SA Passwords on SQL Server 2000…

re: On the Topic of Lost SA Passwords on SQL Server 2000…

John — Sat, 21 Jan 2012 19:18:15 GMT

Is there a way of doing something similar for newer versions of SQL Server? There are plenty of posts explaining how to reset it to something you know or gain access to an instance you are locked out of, but nothing explaining how to tell you what it is.

re: On the Topic of Lost SA Passwords on SQL Server 2000…

Argenis — Sun, 22 Jan 2012 09:26:28 GMT

@John no, I'm not aware of any means to do that. The SA password is kept in encrypted blobs in newer versions, in a way that I am not familiar with.

You can definitely capture the password from memory if it has been reset very recently though. But it's very short lived.

re: On the Topic of Lost SA Passwords on SQL Server 2000…

K. Brian Kelley — Wed, 15 Feb 2012 02:45:39 GMT

@John, for 2005+, in memory or by brute force. You can export it, but I've not seen anyone figure out any weaknesses in the hash like with 2000 (where an all uppercase version of the password was hashed and included, thereby reducing the # of possibilities per slot and making brute forcing quicker). The reason this is important is that, unlike Windows, the SQL Server based logins contain a salt, thereby eliminating rainbow tables.

2000 (and 7) is also susceptible to intercept across the network by looking at a packet trace if the sa account is used and the connection isn't encrypted.