We don't get clear-text passwords on older systems or in special cases such as strong passwords. How do I log in to SQL Server without a plaintext password or Windows hash (I don't have sa or anything)?



Next, let's talk about a problem I ran into during my everyday tinkering: the target machine was an XP system with a 445 vulnerability. It took a bit of a fight to get in, and after succeeding and doing some work on it, I found that I couldn't get the administrator password, which left me cold. Was the data within my reach just going to fly away like this? Not a chance. I had tried runas before, but it requires a password, so that didn't solve it. Then came the idea of using a token (how I came to think of tokens is not clear to me). Having thought of the method, without further ado I opened a virtual machine to test whether it would work. Install SQL Server 2008 first.

Use the default installation.



Click on Logins (login names) to see that several users can log in.



Members of the Users group can log in (basically anyone can log in).



Delete BUILTIN\Users to simulate the real situation.

That's right :( Then follow the idea and steal the token.

 

I stole the SYSTEM token directly, and a session window running under the SYSTEM token pops up.

Besides sa and the user who set up SQL Server, there are also logins such as the SYSTEM account.

Find the SQL Server management tool and run it under the SYSTEM token.

The user name is SYSTEM.

PsExec is what I used when I did this during my tinkering.
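To check an instance for the logins this walkthrough depends on, here is a T-SQL audit query, added as an example and not part of the original post. It assumes English principal names (BUILTIN\Users, NT AUTHORITY\SYSTEM) and a login that is allowed to see all server principals.

```sql
-- Added audit example (not from the original post).
-- Lists every SQL login, Windows login and Windows group known to the instance,
-- whether it may connect, and whether it is a sysadmin.
SELECT
    sp.name       AS login_name,
    sp.type_desc  AS login_type,          -- SQL_LOGIN, WINDOWS_LOGIN, WINDOWS_GROUP
    sp.is_disabled,
    CASE WHEN perm.state IN ('G', 'W') THEN 1 ELSE 0 END AS has_connect_sql,
    ISNULL(IS_SRVROLEMEMBER('sysadmin', sp.name), 0)     AS is_sysadmin,
    CASE
        -- Names below are the English defaults; localized systems differ (assumption).
        WHEN sp.name = N'BUILTIN\Users'
            THEN 'every local user can log in'
        WHEN sp.name = N'NT AUTHORITY\SYSTEM'
            THEN 'any process running as SYSTEM can log in'
        WHEN sp.type = 'G'
            THEN 'Windows group: review its membership'
        ELSE ''
    END AS note
FROM sys.server_principals AS sp
LEFT JOIN sys.server_permissions AS perm
       ON perm.grantee_principal_id = sp.principal_id
      AND perm.class = 100                -- server-level permission
      AND perm.type  = 'COSQ'             -- CONNECT SQL
WHERE sp.type IN ('S', 'U', 'G')          -- SQL login, Windows login, Windows group
ORDER BY is_sysadmin DESC, sp.type_desc, sp.name;

-- Possible hardening once the output has been reviewed. Left commented out:
-- it assumes no service or agent on the host relies on these logins.
-- DROP LOGIN [BUILTIN\Users];
-- EXEC sp_dropsrvrolemember N'NT AUTHORITY\SYSTEM', N'sysadmin';
```

Rows with is_sysadmin = 1 for a Windows group or for NT AUTHORITY\SYSTEM mean that local privilege on the host translates directly into database administrator access, without any SQL Server password.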
