Changing passwords with OSQL

  • In the past when our deskside folks got a nasty-gram from security that a null or weak password was found for a MSDE account (sa usually), we could usually use OSQL remotely if needed to change it. Either using the -E switch or actually exploiting the null or weak sa account password if needed/possible using the -U and -P switches:

    osql -S PCNameOrIP,port# -U sa -P "" -Q "sp_password NULL,'PasswordWewanttoUse!',sa"

    Now for all XP PCs I get:

    [DBNETLIB]SQL Server does not exist or access denied.

    [DBNETLIB]ConnectionOpen (Connect()). 

    But I can then use something like PSEXEC and connect to the box. Then run: 

    osql -S 127.0.0.1,port# -U sa -P "" -Q "sp_password NULL,'PasswordWewanttoUse!',sa"

    And the password changes! I thought it might be our firewall software, but I just verified it happens on PCs that didn't have it loaded or the XP one enabled (or any other firewall software). This started about 4 months ago IIRC. Anyway it is making changing them remotely (when we have to - normally we give the dev guys a chance to change it) a pain! 🙂

    For the null sa ones, I can point Eeye's free scanner at them and they show vulnerable, but I can't connect remotely to them with OSQL or ISQL.

    Any suggestions?

    Thanks,

    Frank

     

  • Check the network libraries enabled for MSDB. Run svrnetcn.exe to set the Network Libraries if you can connect via terminal services or are logged in from the console. In a typical SQL Server 2000 install it's at C:\Program Files\Microsoft SQL Server\80\Tools\Binn.

    K. Brian Kelley
    @kbriankelley

  • I checked one and see: Named Pipes and TCP/IP under enabled... under Properties for TCP/IP I see the same port number I connect to for the PC using OSQL (or try to remotely - it does work when ran locally as I mentioned)

  • Chances are BUILTIN\Administrators has been left in with sysadmin rights. Are you able to connect using Windows authentication and an account that has administrative rights to the server on which MSDE is installed?

    K. Brian Kelley
    @kbriankelley

  • Hold on. Are the MSDEs installed on XP PCs? If so, are those PCs running the Windows firewall?

    K. Brian Kelley
    @kbriankelley

  • Hehehe.  OK I can see you didn't read my first post... No the firewall was ruled out. I'll post back if I ever get it sorted. Thanks for your time though!

  • The only reason I ask about that is I have seen the firewall re-enable itself and we had one case where we thought we had ruled out the firewall and went back and found it to be on. Granted, we had a switch in primary users for the computer, but that's what nipped us.

    Can you make a telnet connection to the system to the port it is supposed to be listening on? When you run a netstat -an on the computer running MSDE, do you see that port marked for listening?

    K. Brian Kelley
    @kbriankelley

  • Till the SQL Server has SP3 of SQL installed it is not suppossed to let tcp/ip traffic in i under XP and 2003 OS.

    Tim S

  • Yes... No firewall. And netstat shows it listening on the port... and without even going back to it I knew this to be true as the free Class-C version of the "Eeye Retina SQL Worm Scanner" shows the ones with the NULL sa as vulnerable once you enter the correct port number (assuming non-def 1433) in the scanner.

Viewing 9 posts - 1 through 8 (of 8 total)

You must be logged in to reply to this topic. Login to reply