Recover admin account from webserver with SQL 2000 db?

[Mavrick007]

I was posed this question and I'm not quite sure if my answer is correct or not.

The only information that you have is the 'sa' password for the SQL 2000 db. You can not reset the password with a 'forgot password' for the account, so can you modify the tables in the db to retrieve the password? The passwords may or may not be encrypted.

 

[KB]

The SQL password for sa won't help you change the NT admin password. You can only change other SQL account passwords.
You will have to boot from a password recovery CD and overwrite the NT password: http://home.eunet.no/pnordahl/ntpasswd/

 

[Mavrick007]

Sorry, I guess I should have been more clear. I was quite tired..

The admin account is for the website and all of the userid/passwords are stored in the "Userinfo" table within the SQL 2000 db.
I didn't mean the WinNT admin password to the server itself. I could see the password in the table but it was encrypted and supposedly once it's encrypted, it's one-way so you can not "decrypt" it. If the "admin" account password of the website was forgoten, how can you recover it without having access to another admin account which could reset the password after logging in. We just have the "sa" account for the SQL 2000 db which has access to all of the tables.

 

[MrChad]

Originally posted by: Mavrick007
Sorry, I guess I should have been more clear. I was quite tired..

The admin account is for the website and all of the userid/passwords are stored in the "Userinfo" table within the SQL 2000 db.
I didn't mean the WinNT admin password to the server itself. I could see the password in the table but it was encrypted and supposedly once it's encrypted, it's one-way so you can not "decrypt" it. If the "admin" account password of the website was forgoten, how can you recover it without having access to another admin account which could reset the password after logging in. We just have the "sa" account for the SQL 2000 db which has access to all of the tables.

So you have a custom table for your application that contains user ids and hashes of their passwords? And you want to reset one of the passwords? These aren't DB logins, but application logins, correct?

You'll have to find the algorithm that encrypts/hashes the plaintext password before storing in the database and use it to update the admin user's table record. That's the only way I can think of.

 

[Mavrick007]

Yes, that's correct, application logins to the website, not database logins.

Hehe The answer that I posed ended up being the 3rd acceptable response that they have(they didn't tell me the other two yet). They didn't think it would work but they tested it and it did.

It was pretty late but it came to me after doing a bit of research. I suggested creating a user account in the database table with the 'sa' account. Then you could use the 'forgot password' feature with the registered email specified, which would send you an unencrypted password. You would then have the encrypted password as seen in the database table for the user account and the unencrypted form. Then you can use the 'sa' account again to match the 'admin' password from the table to the same encrypted password of the new user account as seen in the table. After this, both encrypted passwords will match with the same unencrypted form which you already know 😀

It's a bit muddy, but we weren't given much information to go on and they didn't say we had access to a 'super-admin' account or any other account within the website. It worked perfectly too!