-5

How can I recover an existing 'sa' account password?

I know I can reset the password, but that is not what I want to do. I want to recover an existing password. Can anyone assist?

I'm able to access the server using Windows authentication, but the person who original set up the server is gone and I need access to the existing 'sa' account password. Reason is there are a lot applications to point to it (don't know all) which may be using the 'sa' account.

* NOTE * For those marking this as a duplicate... it is not. Though others have asked similar question (even titled similar) if you read their question, they are asking how to reset or change the passowrd. I'm asking how to RECOVER EXISTING password.

ptownbro
  • 1,240
  • 3
  • 26
  • 44
  • 1
    well check the other app to see what password are they using. But I dont think you can recover the password – Juan Carlos Oropeza May 10 '16 at 18:12
  • 1
    If there are applications using SA password, then the password would have to be configured in those applications. Can't you just lift it from one of them? Otherwise, I think it's reset time. – Allan S. Hansen May 10 '16 at 18:12
  • You can't hack into it. If the person who originally set it up hasn't died yet, drink up your ego and waste your precious time in finding his contact details. Call him and ask the password – Chaos Legion May 10 '16 at 18:14
  • If persons that don't work in your company know your sa password, you also have a valid reason for actually changing it. – James Z May 10 '16 at 18:17
  • We are lookiing through the applications, but they currently have been of no help because the designer created multi apps with thousands of line of code and the tracing of it has been time consuming and the connection strings are buried in myriad of code. Possible... but will take time to sort through. Also... this is not about ego. We would love to ask the person, but they are not being cooperative. – ptownbro May 10 '16 at 19:36
  • We cannot just simply change it. There are applications dependent which may be dependent on the exact passwords. If you change it they will break. Assume the question... so why not just go through the Apps? we are. See my comment above – ptownbro May 10 '16 at 19:37

1 Answers1

0

I'm not sure if this applies to SQL server but there is a chance you can not recover the password. Secure authentication methods should never store the plaintext password. Usually it would go like so:

Register with username and password. Password is converted to a hash using a one way hashing algorithm. Hash is stored.

Then when logging in:

Supply username and password. Password is converted to a hash using the same algorithm. The new hash is compared against the stored hash

If the stored hash and the new hash are equal then it was an authorised login.

Jack Andrew McKay
  • 127
  • 2
  • 10
  • I was able to confirm with a Microsoft DBA that this was most likely not possible unless of an unknown hack. Your likely option is only to reset. However after a long and painful process we were able to find it through a connection string we found I'm one of the front end applications. Thanks for your help – ptownbro May 13 '16 at 01:41