MS SQL 2012/2014 password recovery for user

If you have access to the server but you would like to recover sa password or a user’s password you can use this simple technique:

On the server execute

SELECT password_hash FROM sys.sql_logins where name=’sa’

The output will look like this:


Copy this to the Kali Linux machine to a text file Рonly one row. After that is up to you to decide which tool you can use Рhashcat, johnny or john, and also which technique РSingle crack, Wordlist, Incremental or something else. I will use Johnny, as the easiest one Рonly thing you need is to Open Password File and Start Attack

Good luck!

Leave a Reply

Your email address will not be published. Required fields are marked *