finding passwords in sql server 2000
-
I have some people on the test server that are making logins and passwords for testing purposes. This is fine, but then they forget what the password was. Is there a way to query the system tables and get the password for logins or do you have to drop/recreate it. This could break code, so I would like to be able to retrieve current login/password info. Thanks!!
-
As you can probably tell by the lack of responses, there is no mechanism at least that I'm aware of available for retrieving readable sql server passwords, probably a good thing
You don't have to drop the login as you may be aware, you could just change the password if you have the appropriate rights. At least then, your objects would maintain their same permissions.
It shouldn't break code unless the password is stored somewhere in the app, in that case maybe you could find it there or just change it to the new value if it is in a connection string somewhere.
Just a thought
-
There's an undocumented utility called pwdcompare that lets you compare the value stored in the password column of the sysxlogins table against any string value. What you can do is create a table called, say, dictionary and populate it with an entire dictionary worth of words. Then you write a query that compares the passwords against each value in the dictionary table such as:
select distinct s.name, d.word as password
from dictionary d, (select * from master.dbo.sysxlogins) as s
where pwdcompare(rtrim(d.word), s.password) = 1
It's not perfect - it'll only match on proper words it finds in your table so it would find "password" but not "password123" but it's a start.
I got this from http://www.sqlsecurity.com and they also supply you (thankfully) with a fully populated dictionary table. I can't give you the exact link as our new internet security policy prevents me getting to the page(!) but if you do a Google search on "sql security dict" it'll take you there.
A google search on pwdcompare will also give you plenty information.
cheers
Gordon
Viewing 4 posts - 1 through 3 (of 3 total)
You must be logged in to reply to this topic. Login to reply