| Author |
Topic |
|
mysticalsun2000
Starting Member
5 Posts |
 Posted - 2006-08-22 : 12:45:01
|
| Hi there,I am novice to SQL, I have a software which uses SQL as backend. The software is made in such a way that during its installation it runs a stored procedure which deletes all users except SA. Now when I try to login to SQL either via Enterprise Manager or via query analyser it asks for password. When I put the password it gives error "Unable to connect to server. msg:18456, level 16, state 1[microsoft][odbc sql server driver][sql server] login failed for user SA. Someone told me that it is unable to connect to server. But the main thing is that I dont have any client I have only server. What could be the possible reason. 1)Is there anyway of creating a user in SQL in such a situation when there is only one user SA and it is unable to log in SQL server. 2)Or is there anyway of removing SA Password.3)Or is there anyway (in SQL SERVER) of stopping a particular procedure from getting executed while software installation.Thanking you and waiting for some kind replies.Regards,Mystical |
|
|
Srinika
Master Smack Fu Yak Hacker
1378 Posts |
Posted - 2006-08-22 : 12:53:11
|
| R u doing any kind of testing or is the DB having live data ?If there is a SP which deletes Users, its kind of weired.Srinika |
 |
|
|
Wanderer
Master Smack Fu Yak Hacker
1168 Posts |
Posted - 2006-08-22 : 12:57:39
|
quote:
Originally posted by mysticalsun2000
Hi there,I am novice to SQL, I have a software which uses SQL as backend. The software is made in such a way that during its installation it runs a stored procedure which deletes all users except SA. Now when I try to login to SQL either via Enterprise Manager or via query analyser it asks for password. When I put the password it gives error "Unable to connect to server. msg:18456, level 16, state 1[microsoft][odbc sql server driver][sql server] login failed for user SA. Someone told me that it is unable to connect to server. But the main thing is that I dont have any client I have only server. What could be the possible reason. 1)Is there anyway of creating a user in SQL in such a situation when there is only one user SA and it is unable to log in SQL server. 2)Or is there anyway of removing SA Password.3)Or is there anyway (in SQL SERVER) of stopping a particular procedure from getting executed while software installation.Thanking you and waiting for some kind replies.Regards,Mystical
That sounds like an incorrect sa password to me.Have a look to see wether yhou can open up EM on the DB server, and connect to the server with a member of the local, or domain, admin group. You MAY be able to connect, unless they've locked that down.*##* *##* *##* *##* Chaos, Disorder and Panic ... my work is done here! |
|
|
|
Wanderer
Master Smack Fu Yak Hacker
1168 Posts |
Posted - 2006-08-22 : 13:01:41
|
quote:
Originally posted by mysticalsun2000
Hi there,I am novice to SQL, I have a software which uses SQL as backend. The software is made in such a way that during its installation it runs a stored procedure which deletes all users except SA. Now when I try to login to SQL either via Enterprise Manager or via query analyser it asks for password. When I put the password it gives error "Unable to connect to server. msg:18456, level 16, state 1[microsoft][odbc sql server driver][sql server] login failed for user SA. Someone told me that it is unable to connect to server. But the main thing is that I dont have any client I have only server. What could be the possible reason. 1)Is there anyway of creating a user in SQL in such a situation when there is only one user SA and it is unable to log in SQL server.
If you can login, per my previous post, you can create additional logins and users.quote:
Originally posted by mysticalsun20002)Or is there anyway of removing SA Password.
Only if you can manage to log in. However, I would NOT receommend it, since this sounds like an application that makes use of the SA password to run - if you changed the password, it would likely no longer workquote:
Originally posted by mysticalsun20003)Or is there anyway (in SQL SERVER) of stopping a particular procedure from getting executed while software installation.
Well, if you can changed the installation script, yes. Altern atively (and again, I don't recommend this), if you remove/rename the stored procedure before it get's called, then it would not run. If you created a 'stub' proceudre that retujrned a 'suiccessful' response, but did nothing, then the code might work... This seems like a bad thing to do, since I'm certain that this would invalidate warranty/support agreement, and possibly even licensing...*##* *##* *##* *##* Chaos, Disorder and Panic ... my work is done here! |
|
|
|
tkizer
Almighty SQL Goddess
38200 Posts |
Posted - 2006-08-22 : 13:21:37
|
| You need to contact the vendor for their sa password. We can not help you crack it. There is a reason why they locked everything down.Tara Kizer |
|
|
|
mysticalsun2000
Starting Member
5 Posts |
Posted - 2006-08-22 : 22:34:29
|
| Hi There,Thanks for all replies. Kindly let me know only three things 1)Miss Tara I knew that no one in any forum will help me in cracking a password so I dont expect that. 2)I just want to know is there any way of using a control key while giving password (because in my password i have it like m^y, so it can be ctl + Y, but when i try to put ctrl it doesn't gives me any character) or is there any way of creating a user which cannot be deleted by SA or a hidden user which cannot be seen.3)Is there any way we can specify in SQL that if this procedure is trying to execute then stop it and move to next procedure execution.Thanks again.Mystical |
|
|
|
Wanderer
Master Smack Fu Yak Hacker
1168 Posts |
Posted - 2006-08-23 : 05:10:47
|
quote:
Originally posted by mysticalsun2000
Hi There,Thanks for all replies. Kindly let me know only three things 1)Miss Tara I knew that no one in any forum will help me in cracking a password so I dont expect that. 2)I just want to know is there any way of using a control key while giving password (because in my password i have it like m^y, so it can be ctl + Y, but when i try to put ctrl it doesn't gives me any character) or is there any way of creating a user which cannot be deleted by SA or a hidden user which cannot be seen.
I don't know. Have you tried typing that, rather than copy and paste?quote:
Originally posted by mysticalsun20003)Is there any way we can specify in SQL that if this procedure is trying to execute then stop it and move to next procedure execution.
not really, no. That is a change to the application - since I assume that the application is robustly coded, and would fail if the delete_users sp (or whatever it is called) failed.If you HAVE to do this (bear in mind what I said about licensing), I would say you should focus on getting the correct SA password from the application provider/server installer, and then, after the installation has completed, add your necessary users.*##* *##* *##* *##* Chaos, Disorder and Panic ... my work is done here! |
|
|
|
SwePeso
Patron Saint of Lost Yaks
30421 Posts |
Posted - 2006-08-23 : 05:18:14
|
| Is even the builtin administrator account gone?If there was nothing to read about this approach (deleting all accounts) in the installation instructions, I'd say this is nearly criminal.Peter LarssonHelsingborg, Sweden |
|
|
|
Wanderer
Master Smack Fu Yak Hacker
1168 Posts |
Posted - 2006-08-23 : 05:27:58
|
quote:
Originally posted by Peso
Is even the builtin administrator account gone?If there was nothing to read about this approach (deleting all accounts) in the installation instructions, I'd say this is nearly criminal.Peter LarssonHelsingborg, Sweden
That's debatable, I guess. I think what is more likely is that the SQL Server has been locked down, rather than the server. For DB's that require it, it can be a good practice to remove the ability for local admin to sign-on to SQL, thus ensuring that only 'approved' users (i.e. those added explicitly) have access to the server. This can stop server admins from logging onto a SQL db that contains, for example, the company salary database...*##* *##* *##* *##* Chaos, Disorder and Panic ... my work is done here! |
|
|
|
Michael Valentine Jones
Yak DBA Kernel (pronounced Colonel)
7020 Posts |
Posted - 2006-08-23 : 06:54:27
|
| We had a thread a few months ago about an ACT! database server installation that was locked down like this. It was a seperate instance on a database server that was locked down. On their web site it said you could buy the password for $1,000.I have a feeling we don't have the whole story on this one.CODO ERGO SUM |
|
|
|
Wanderer
Master Smack Fu Yak Hacker
1168 Posts |
Posted - 2006-08-23 : 06:57:56
|
quote:
Originally posted by Michael Valentine Jones
We had a thread a few months ago about an ACT! database server installation that was locked down like this. It was a seperate instance on a database server that was locked down. On their web site it said you could buy the password for $1,000.I have a feeling we don't have the whole story on this one.CODO ERGO SUM
Nice to know I'll never, ever want to work with that company... That's shocking (imho)*##* *##* *##* *##* Chaos, Disorder and Panic ... my work is done here! |
|
|
|
Michael Valentine Jones
Yak DBA Kernel (pronounced Colonel)
7020 Posts |
Posted - 2006-08-23 : 07:04:34
|
| I believe that they were also asserting that the data in the database belonged to them.CODO ERGO SUM |
|
|
|
mysticalsun2000
Starting Member
5 Posts |
Posted - 2006-08-23 : 12:43:52
|
| Thanks everyone, I never expected such a good response. The password seems correct, since i used 3 to 4 applications and each of them gave me the same password. Moreover while installation of the software it runs a procedure which had statement something like thisIf user is not SA then deleteThe password seems to be stored in master database, because i uninstalled the sql software and reinstalled it and attached my database it was able to open the sql as well as my database. The problem was while running the application it gave error saying password error. Is there other way.Thanks again,Bye |
|
|
|
tkizer
Almighty SQL Goddess
38200 Posts |
Posted - 2006-08-23 : 13:52:31
|
quote:
Originally posted by mysticalsun2000
Thanks everyone, I never expected such a good response. The password seems correct, since i used 3 to 4 applications and each of them gave me the same password. Moreover while installation of the software it runs a procedure which had statement something like thisIf user is not SA then deleteThe password seems to be stored in master database, because i uninstalled the sql software and reinstalled it and attached my database it was able to open the sql as well as my database. The problem was while running the application it gave error saying password error. Is there other way.Thanks again,Bye
The vendor has coded it to use application security rather than SQL/Windows authentication for the data access. You'll probably find a Users table of some sort that stored userids and passwords. The passwords will almost certainly be encrypted. To decrypt, you'd have to know the encryption technique plus the vendor's key to unlock it. All of this would require development knowledge of the application, which only the vendor has.Tara Kizer |
|
|
|
|
Unable to login, only one user SA