- Reset-SqlSaPassword allows administrators to regain access to local or remote SQL Servers by either resetting the sa password, adding sysadmin role to existing login, or adding a new login (SQL or Windows) and granting the login sysadmin privileges. Windows administrator access is required.
- Alternate Method to Reset SA Password In SQL Server Within Clicks. In case, if you unable to change SA password in SQL Server with above solution, then do not worry about it. We have another robust solution named as SysTools SQL Password Recovery, which helps you in changing the SA password using Master.mdf file in few simple clicks.
- Another free tool, Cain & Abel, allows you to dump and crack SQL Server password hashes, as shown in Figure 2. Figure 2: Dumping and cracking hashes with Cain & Abel (click to enlarge) With Cain & Abel, you can insert your own hashes or connect to the database via ODBC and dump them all in one fell swoop for subsequent cracking.
- In order to make this test more interesting, I used the “SA” account to log in. The SA account is the system admin account in SQL Server and can do anything. If my experiments were successful, I could do a lot of fun things with the SA account’s privileges. Once logged in, I launched Wireshark 2.0 on the SQL Server box.
Problem
In this article we will look at the procedure to Reset SA Password In SQL Server, if the SA password was forgotten or there are no users with administrative rights to MS SQL 2016. We will show how to retrieve the password of the SA account, and, if necessary, provide the necessary Windows account with MSSQL administrator rights.
From given below image you can observe the same password: email protected have been found by Metasploit. Nmap Given below command will attempt to determine username and password through brute force attack against MS-SQL by means of username and password dictionary.
Solution
Situations when an SA user is lost / forgotten on MS SQL DBMS happen quite often. As a rule, the option of reinstalling SQL and reconnecting the database is not considered, since in this time, the configuration parameters stored in the system master database will be lost.
SQL Server provides much more convenient access recovery functionality. The fact is that members of the local group of administrators of the system on which SQL Server is installed have full authority on a DBMS running in single-user mode.
By running SQL Server in single user mode, you can change the password of the SA account or grant the administrative rights to the desired Windows account.
Note: Recall that starting with SQL Server 2016, the local group of administrators of the system on which SQL Server is installed is not added by default to the sysadmin role on the SQL server.
The procedure for starting SQL Server 2016 in single-user mode and restoring access is as follows (the main condition is that you must have administrator rights on the system on which MSSQL is installed)
Full Guide to Reset SA Password In SQL Server 2016
Step 1: Open Run window by pressing Windows key along with R key. Afterward, you need to write CMD on the text box.
Step 2: To stop SQL instance from running, type net stop MSSQLSERVER command and hit the Enter key
Step 3: Stop service of the necessary SQL Server instance (in our case the name of the instance MSSQL is SQLEXPRESS ) by typing net stop MSSQL$SQLEXPRESS and press the Enter Key.
Step 4: Open the registry editor (regedit.exe) and go to the parameters section to start the SQL service: HKEY_LOCAL_MACHINESYSTEMControlSet001Services MSSQL$SQLEXPRESS
Step 5: Changing the value ImagePath , adding as an argument sqlservr.exe key « -m ». In our example, we got the following value: “C:Program FilesMicrosoft SQL ServerMSSQL13.SQLEXPRESSMSSQLBinnsqlservr.exe” -m -s SQLEXPRESS
Step 6: We start the SQL Server service: net start MSSQL$SQLEXPRESS
Step 7: SQL is now running in single user mode and allows any member of the local computer administrators group to connect to an instance of SQL Server with sysadmin privileges.
Step 8: Using SQL Server Management Studio, change the SA password or provide the sysadmin role to the required Windows account.
Tip: You can perform this operation from the sqlcmd command line: EXEC sp_addsrvrolemember ‘DOMAINUsername’, ‘sysadmin’;
It remains only to stop the SQL service, change the ImagePart key value to the original one, removing the “-m” attribute ( “C: Program Files Microsoft SQL Server MSSQL13.SQLEXPRESS MSSQL Binn sqlservr.exe” -sSQLEXPRESS” ) and start SQL Server in normal mode.
Alternate Method to Reset SA Password In SQL Server Within Clicks
In case, if you unable to change SA password in SQL Server with above solution, then do not worry about it. We have another robust solution named as SysTools SQL Password Recovery , which helps you in changing the SA password using Master.mdf file in few simple clicks.
For this, you need to stop your SQL server services.
Step 1: Open Services and right click on SQL Server then Click on Stop SQL server services
Step 2: Go to the default location of master.mdf file and make a backup copy of both (master.mdf & mastlog.ldf) in another location of your system.
Step 3: Now Download SysTools SQL password recovery and launch in your machine.
Step 4: Click on Browse button to load the master.mdf from default location into the software.
Step 5: After successfully loading the master.mdf, software will scan the file and display the list of Username created on the Server.
Step 6: Click on the User Name for which you want to reset the password and click on Reset Password button
software will again warn you to take backup of master.mdf and mastlog.ldf (Make sure you have taken a backup of both these files). Now, set a new password for your SA & User Login and click on OK
when the password is changed successfully, A message will pop-up. Click OK. Once you have done with the procedure, Go to Services, Right click on SQL server and click on Start to restart the SQL Server Services.
When the process to reset SA password in SQL Server is done, launch SQL Server Management Studio and log in via new password to verify it.
That’s all about how to reset SA Password in Microsoft SQL Server without any fail.