SQL 2005 Server - sa password

[rsutoratosu]

So is there any new way to retreive sa passwords ? have a db that was setup by someone long ago.. i can reset it since I can get in using windows authentication but i dont know how many other machines have odbc connections to it

 

[nickbits]

no and you shouldn't be using sa anyway

 

[rsutoratosu]

i didn't use it, last person setup odbc connections did.. im debating should i take the time and fix it or just build a new sql server and move all the stuff over

 

[seepy83]

I haven't had to do this (and I don't have an environment to test in at the moment) but based on a couple of articles/blog posts, it looks like you may be able to dump the hash and salt from sys.sql_logins and then use a tool to crack the hash.

If you suspect that he used a short password with a small character set (only letters, for example), then you've got a pretty damn good chance at cracking it. On the other hand, if he didn't, then you probably shouldn't waste your time.

 

[KentState]

You don't have to rebuild the server to change the sa password. Just run a trace to locate where the logins are coming from and fix the odbc settings.

 

[rsutoratosu]

not rebuilding server, moving stuff to sql 2008, but incase that doesn't work, ill need to put it back to the original 2005 server