I start working on an old software of which I just forget the password. I go through the SQL Server 2008 database and found it is saved in the encrypted form
0xA77F9B75A183A3836540FBBE11963F771ED41BBE
there. I want to decrypt the password column and want to know the real password. So that I can access my application.
Thanks in advance
therewere no way you can decrypted, but if MD5 you could try the fallowing http://www.md5online.org/ they will cracked for you. but if you were unhappy with this answer and your programm is valuable for, try this http://www.devart.com/dbforge/sql/sqldecryptor/
Related
Is there a feature in SQL Server that makes the values we give for "passwords" encrypted/encoded? If not, what is the simplest way to encode my passwords and store them in a table?
There is a function called PWDENCRYPT that will help you do this
I study SQLInjection testing it on one site, that use Microsoft SQL Server 2008.
sqlmap-dev$ python sqlmap.py -u "https://site?id=239" --current-user --current-db -b --users --privileges --passwords
Receive users login and hashed password:
Like this: 0x01005847e7a1ffa21b9c6811420f0e502612c8dd976f685f63a6
The question is, how I can know it?
I understand that I cannot really reverse the hashed string.
I find this: https://stackoverflow.com/a/18154134/2264941
As I understand:
0x0100 - use SHA1
5847e7a1 - salt
ffa21b9c6811420f0e502612c8dd976f685f63a6 - hashed password with salt
Is this algoritm correct for MS SQL 2008 ?
Maybe there is some online instruments that can help me?
You cannot do this. That is literally the whole point in hashing and salting... You could try a password cracker but it will take A LONG TIME.
I want to decrypt password in SQL Server 2012 using DES to send that password in the mail using a SQL Server job.
Can anyone help me?
Thanks in advance.
You shouldn't really be de-encrypting passwords. And either not send passwords thru the emails!
And no, there's usually a random salt in the encryption, so you cannot decrypt it like that. Only Brute Force, because it's weak encryption method nowadays.
For Brute Force you can use for example pwdcompare - More at MSDN pwdcompare
Have a good day everybody, I'm working with SQL SERVER 2008, developing a simple login. Now I'm encrypting the password with this funtion
SUBSTRING(sys.fn_sqlvarbasetostr(HASHBYTES('MD5', #cont)),3,32)
It's work perfect, if I put pass = 123 then return 202cb962ac59075b964b07152d234b70, but I need to know how to decrypt and return again 123
I hope somebody can help me, Thanks
MD5 is a hash, its like an Identifier of a value, so it might or might not contain the actual data.
I have a mssql 2005 and software (that written by visual basic 6) and the software connects to the mssql.(local)
but the problem is that the "sa" user password changes every day!
And the company that write this software does not give us the password.
And the windows authentication does not work and I think that they delete the windows user too.
I searched on the msdn and ... that i found in the LAN, packets from clients were encrypted in SSL type and sent to the mssql and in a specific packet it includes the username and password of the db, and if that user&pass is same with db user&pass it can be full access to db.
I used backtrack & metasploit but it use dictionary for attack but it did not help me .
I used wireshark for finding that specific packet , then i think i found it (99% I sure) but that packet has a lot of unclear characters and i could not find those.
do you think that if i use SSLSTRIP to make a fake certificate then use it between client and server (as a gateway) can i get that? How?
can I use single user mode to add any user to mssql? How?
You are totally approaching this from the wrong angle. You have a software package that goes at extra lengths to prevent access to your data. You problem is the vendor, ditch him. Use a different software, one that has a rational vendor behind it.
Here are the MSDN official, approved, methodology to regain access on a SQL Server that had locked out administrators: Connect to SQL Server When System Administrators Are Locked Out