Hi,
I was shown recently at a training session an article that showed how
you could break the sa password by using network monitoring tools and some
other steps. I am currently trying to find this myself so I can show the
developers at my company one of the reasons I am opposed to the sa account
being used and SQL logins in general.
Does anyone out there know where this article would be or what the exact
process is so I can replicate it quickly.
Cheers,
John|||When one uses a relatively anonymous moniker, John,
<John@.discussions.microsoft.com>, how would we know that you aren't just
trying to hack into someone's database and you are trying to get us to help
you?
;-)
Arnie Rowland, Ph.D.
Westwood Consulting, Inc
Most good judgment comes from experience.
Most experience comes from bad judgment.
- Anonymous
"John" <John@.discussions.microsoft.com> wrote in message
news:9DB6A662-08C1-41FB-81A8-18BC7D4FCBF1@.microsoft.com...
> Hi,
> I was shown recently at a training session an article that showed how
> you could break the sa password by using network monitoring tools and some
> other steps. I am currently trying to find this myself so I can show the
> developers at my company one of the reasons I am opposed to the sa account
> being used and SQL logins in general.
> Does anyone out there know where this article would be or what the exact
> process is so I can replicate it quickly.
> Cheers,
> John|||Well Arnie, how do we know who anyone really is over the internet? Besides
John is my name but I don't want the entire world to have all my details
especially anyone trawling through forums for personal details to SPAM or
send marketing material through too. I can also not be bothered setting up a
hotmail bogus account as this way I still get emails when my posts are
replied to sent to my work email.
On a more interesting note, do you happen to know the location of the
article I am interested in? From memory it uses SQLPing2 which I already
have downloaded.
"Arnie Rowland" wrote:
> When one uses a relatively anonymous moniker, John,
> <John@.discussions.microsoft.com>, how would we know that you aren't just
> trying to hack into someone's database and you are trying to get us to help
> you?
> ;-)
> --
> Arnie Rowland, Ph.D.
> Westwood Consulting, Inc
> Most good judgment comes from experience.
> Most experience comes from bad judgment.
> - Anonymous
>
> "John" <John@.discussions.microsoft.com> wrote in message
> news:9DB6A662-08C1-41FB-81A8-18BC7D4FCBF1@.microsoft.com...
>
>|||It sounds like this may be the article you are referring to:
http://searchsqlserver.techtarget.c...00.html
-Sue
On Mon, 25 Sep 2006 19:36:02 -0700, John
<John@.discussions.microsoft.com> wrote:
>Hi,
> I was shown recently at a training session an article that showed how
>you could break the sa password by using network monitoring tools and some
>other steps. I am currently trying to find this myself so I can show the
>developers at my company one of the reasons I am opposed to the sa account
>being used and SQL logins in general.
>Does anyone out there know where this article would be or what the exact
>process is so I can replicate it quickly.
>Cheers,
>John|||I have an example of a TSQL function that will do the job as part of the
following presentation
http://www.sqldbatips.com/presentat...HACKING_SQL.zip
Note that SQL2005 doesn't use the same method, it uses a self signed
certificate to properly encrypt the login handshake as opposed to SQL2000
which basically just uses obfuscation.
HTH,
Jasper Smith (SQL Server MVP)
http://www.sqldbatips.com
"John" <John@.discussions.microsoft.com> wrote in message
news:9DB6A662-08C1-41FB-81A8-18BC7D4FCBF1@.microsoft.com...
> Hi,
> I was shown recently at a training session an article that showed how
> you could break the sa password by using network monitoring tools and some
> other steps. I am currently trying to find this myself so I can show the
> developers at my company one of the reasons I am opposed to the sa account
> being used and SQL logins in general.
> Does anyone out there know where this article would be or what the exact
> process is so I can replicate it quickly.
> Cheers,
> John