Tag: Security
-
Regain access to SQL Server via inject service
One way to regain access to SQL Server is to use a simple inject technique which overrides the current Image Path for the SQL Writer service. PsExec can alternatively be used to access SQL Server as shown in the post below. This relies on the NT AUTHORITY\SYSTEM account having been granted system administrator on…
-
Dangers of giving dbo in MSDB
I wanted to talk today about something that I have often seen in environments which is that dbo is granted to msdb without a second thought to the exact implications. So what? Its not got any user data in it, and they need dbo to perform some action not covered by the existing security to do…
-
SQL Server Login password hash
In this article we will look at how SQL Server stores passwords and how we can go about working them out. As a developer/administrator you are probably accessing SQL Server via a windows login, however the other option is when the instance is changed into mixed mode allowing SQL Logins. These logins are created within…