The SQLServerAdvisor mailing from SearchSQLServer.com had a link to a
very good article on cracking SQL Server passwords. The article, by
Kevin Beaver, shows some of the common tools available to detect when
the sa password isn't set (he references both SQLPing2 and SQLRecon and
shows screenshots of SQLPing2) as well as tools capable of cracking the
SQL Server password hashes. You can read the article here:
Password cracking tools for SQL Server
If you're responsible for the security of your organization's SQL Servers, have a look!
