October 23, 2014 at 12:26 am
Comments posted to this topic are about the item Regaining access to SQL server after changing the domain
October 23, 2014 at 4:09 am
Nice trick; I'll have to remember that.
October 23, 2014 at 6:29 am
I'm just curious, wouldn't using sa account do the same?
October 23, 2014 at 11:32 am
One would need the SA password I'm thinking.
Also, the SQLAgent user might be an interesting problem?
I like the article, and have done similar 'hacks' such as booting from a CD-ROM for default access etc.
but, why would this technique not also be considered a backdoor access even on servers not changed? I mean, anyone with an admin role to a server would be able to hack into SQL using this technique: right?
October 23, 2014 at 2:27 pm
Typically, the 'sa' account is disabled if you are using Windows authentication in SQL Server.
Also, this is an intentional "backdoor". MSDN has an article on this process entitled Connect to SQL Server When System Administrators Are Locked Out:
October 23, 2014 at 2:41 pm
Well, in the article was mentioning of application using SQL authentication, so it made me think that server is mixed.
Anyway, it was interesting food for thought. I was thinking of how I would act in the situation like this (if ever somebody decides to change a name on a domain. Just think of all the other issues people will be facing! SQL wouldn't be the biggest concern, for sure).
October 23, 2014 at 3:21 pm
It would have to be mixed in my estimation to allow the OS Administrator role member to start SQL server and add a SQL user, right. If ONLY SQL logins were allowed, then the Administrator-role-non-SQL-User, could not gain access. One would need to do more severe changes to the SQL Engine dynamics, to allow mixed mode: Thinking 'maybe' [haven't explored it yet] changing the registry entry might allow mixed mode....need to look agian.
WAIT: Google find:
can change the Login Mode via registry
October 26, 2014 at 1:00 pm
Good tip. I've done this in the past, but not via the service. I've stopped the service, opened a command prompt to the SQL Server program folder, and run the sqlservr.exe file using -c -m (which starts SQL Server in single user mode as an application rather than a service. There's another switch to use if it is a named instance. See Books Online for details). As it runs as an application, that command prompt window will essentially be locked up until sqlservr.exe finishes running. Hit Ctrl-C to quit; you will be prompted if you want to stop SQL Server.
There's probably not much benefit in running the executable directly other than you don't muck about with the service startup parameters; it's just I discovered that way of doing before the other (in fact, on reflection, it was probably because I first had to do it with SQL Server 2000, which doesn't have a Configuration Manager application, so it was easier running the .exe directly).
What should also be mentioned is that you should use sqlcmd rather than Management Studio to connect once in single user mode because SSMS has a tendency to open multiple connections (e.g. one for Object Explorer, one for a query window), so you may have difficulties administering the instance if it is in single user mode.
MARCUS. Why dost thou laugh? It fits not with this hour.
TITUS. Why, I have not another tear to shed;
--Titus Andronicus, William Shakespeare
October 28, 2014 at 8:17 am
Your posts have been deleted as off-topic. Can you please repost them as new threads in the appropriate forum for the version of SQL Server you're using?
October 28, 2014 at 10:06 am
wait, what?
October 28, 2014 at 11:09 pm
DROP PROCEDURE OFFICEUSER.SP_OFFICEUSER_INSERT_PAYROLL
CREATE OR REPLACE PROCEDURE OFFICEUSER.SP_OFFICEUSER_INSERT_PAYROLL
IS
CURSOR
C_EMP
IS
SELECT DISTINCT(EMP_NO) as emp_no FROM EMPLOYEE_PAYROLL_MASTER;
CURSOR
C_EMP_INSERT(empNo in number)
IS
SELECT * FROM EMPLOYEE_PAYROLL_MASTER WHERE EMP_PAYROLL_NO=(SELECT max(EMP_PAYROLL_NO) FROM EMPLOYEE_PAYROLL_MASTER WHERE EMP_NO= empNo ) ;
emp_seq_no NUMBER(10);
BEGIN
for R1 in C_EMP LOOP
for R2 in C_EMP_INSERT(R1.emp_no) LOOP
INSERT INTO EMPLOYEE_PAYROLL_MASTER (
EMP_PAYROLL_NO,
EMP_NO,
EMP_DESIGNATION_NO,
EMP_PAYSCALE_RANGE,
EMP_NUMBER_OF_DAYS,
EMP_BASIC,
EMP_GROSS_BASIC,
EMP_DA_NO,
EMP_DA_AMOUNT,
EMP_HRA_NO,
EMP_HRA_AMOUNT,
EMP_AGP,
EMP_FDA_AMOUNT,
EMP_IC_ALLOWANCE_AMOUNT,
EMP_SPECIAL_ALLOWANCE_AMOUNT,
EMP_GROSS_SALARY,
EMP_PF,
EMP_EPF,
EMP_PT,
EMP_LIC,
EMP_ESI,
EMP_RD,
EMP_IT,
EMP_IR,
EMP_IR_AMOUNT,
EMP_GROUP_INSURANCE_AMOUNT,
EMP_MEDICAL_CLAIM,
EMP_OTHERS,
EMP_MISCELANEOUS,
EMP_RELIEF_FUND,
EMP_CO_OP,
EMP_DEDUCTION_TOTAL,
EMP_NET_SALARY,
EMP_ACTUAL_INCREMENT_DATE,
EMP_BALANCE_INCREMENT,
EMP_INCREMENT_STATUS,
EMP_MODIFY_INCREMENT_MONTH,
EMP_SAL_MONTH,
EMP_SAL_YEAR,
EMP_MODIFY_STATUS,
EMP_MODIFY_DATE)
VALUES (EMP_PAYROLL_NO_SEQ.nextval,
R2.EMP_NO,
R2.EMP_DESIGNATION_NO,
R2.EMP_PAYSCALE_RANGE,
R2.EMP_NUMBER_OF_DAYS,
R2.EMP_BASIC,
R2.EMP_GROSS_BASIC,
R2.EMP_DA_NO,
R2.EMP_DA_AMOUNT,
R2.EMP_HRA_NO,
R2.EMP_HRA_AMOUNT,
R2.EMP_AGP,
R2.EMP_FDA_AMOUNT,
R2.EMP_IC_ALLOWANCE_AMOUNT,
R2.EMP_SPECIAL_ALLOWANCE_AMOUNT,
R2.EMP_GROSS_SALARY,
R2.EMP_PF,
R2.EMP_EPF,
R2.EMP_PT,
R2.EMP_LIC,
R2.EMP_ESI,
R2.EMP_RD,
R2.EMP_IT,
R2.EMP_IR,
R2.EMP_IR_AMOUNT,
R2.EMP_GROUP_INSURANCE_AMOUNT,
R2.EMP_MEDICAL_CLAIM,
R2.EMP_OTHERS,
R2.EMP_MISCELANEOUS,
R2.EMP_RELIEF_FUND,
R2.EMP_CO_OP,
R2.EMP_DEDUCTION_TOTAL,
R2.EMP_NET_SALARY,
R2.EMP_ACTUAL_INCREMENT_DATE,
R2.EMP_BALANCE_INCREMENT,
R2.EMP_INCREMENT_STATUS,
R2.EMP_MODIFY_INCREMENT_MONTH,
R2.EMP_SAL_MONTH,
R2.EMP_SAL_YEAR,
R2.EMP_MODIFY_STATUS,
R2.EMP_MODIFY_DATE
);
COMMIT;
END LOOP;
END LOOP;
END;
October 29, 2014 at 1:43 am
Please start a new thread for question instead of posting unrelated content in an existing thread.
Viewing 12 posts - 1 through 11 (of 11 total)
You must be logged in to reply to this topic. Login to reply