Hacking your Microsoft SQL Server

Today a friend was complaining about how he had forgotten the sa password for his SQL Server…. Oh Dear.

If you follow Microsoft’s best practices for SQL security, as my friend did, you will have also disabled the BUILT-INAdministrators login… Oh Dear Oh Dear.

Fear not, we will have you back in within minutes, just follow these instructions:

  1. Logon to Windows on the SQL server a system administrator.
  2. Open CMD and type the following command to stop the SQL service NET STOP MSSQL, Replacing MSSQL with your server instance name, for example: MSSQL$Instance.
  3. Type NET START MSSQL /m to start SQL up in Single User Mode.
  4. Open SQL Management Studio, and connect to your server using windows authentication.
  5. Open a New Query window and type the following into the query window:

    CREATE LOGIN <username>
    WITH PASSWORD='<password>';
    SP_ADDSRVROLEMEMBER '<username>', 'sysadmin'


    CREATE LOGIN m0rph3us
    WITH PASSWORD='12345678';
    SP_ADDSRVROLEMEMBER 'm0rph3us', 'sysadmin'

  6. Click Execute. This will create the required username, with the desired password, and add that username to the sysadmin role, granting full control of the server.
  7. Close SQL Management Studio.
  8. Open CMD and type NET STOP MSSQL .
  10. Open SQL Management Studio, and connect to the server using SQL Authentication, and input the username and password we created earlier.

You should now have regained full control of your SQL server, so go ahead and change the sa password.

I know these steps definately work in Microsoft SQL Server 2005, but I have not tried it on any other version of SQL. Please let me know in the comments if you try this method in another version of SQL, and the outcome and I will updater this post.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

This site uses Akismet to reduce spam. Learn how your comment data is processed.