After you enter Query Analyzer with Windows authentication, run the following script under the master database:
1 Create proceduresp_password2 @oldsysname= NULL,--The old (current) password3 @newsysname--The new password4 @loginamesysname= NULL --user to change password on5 as6 --SETUP RUNTIME options/declare VARIABLES--7 SetNocount on8 Declare @self int9 Select @self = Case when @loginame is NULL Then 1 ELSE 2 ENDTen One --RESOLVE LOGIN NAME A if @loginame is NULL - Select @loginame = suser_sname() - the --CHECK PERMISSIONS (securityadmin per Richard waymire)-- - IF( not Is_srvrolemember('securityadmin')= 1) - and not @self = 1 - begin + DBCCAuditevent (107,@self,0,@loginame,NULL,NULL,NULL) - RAISERROR(15210,-1,-1) + return(1) A End at ELSE - begin - DBCCAuditevent (107,@self,1,@loginame,NULL,NULL,NULL) - End - - --DISALLOW USER TRANSACTION-- in SetImplicit_transactionsoff - IF(@ @trancount > 0) to begin + RAISERROR(15002,-1,-1,'sp_password') - return(1) the End * $ --RESOLVE LOGIN NAME (disallows NT names)Panax Notoginseng if not exists(Select * fromMaster.dbo.sysloginswhere -LoginName= @loginame andIsntname= 0) the begin + RAISERROR(15007,-1,-1,@loginame) A return(1) the End + - --IF non-sysadmin Attempting change to SYSADMIN, REQUIRE PASSWORD (218078)-- $ if(@self <> 1 and Is_srvrolemember('sysadmin')= 0 and exists $(SELECT * fromMaster.dbo.sysloginsWHERELoginName= @loginame andIsntname= 0 - andSysadmin= 1) ) - SELECT @self = 1 the - --CHECK old PASSWORD IF NEEDED--Wuyi if(@self = 1 or @old is not NULL) the if not exists(Select * fromMaster.dbo.sysxlogins - whereSrvid is NULL and WuName= @loginame and -( (@old is NULL andPassword is NULL)or About(Pwdcompare (@old, Password, ( Case whenXstatus&2048 = 2048 Then 1 ELSE 0 END))= 1) ) ) $ begin - RAISERROR(15211,-1,-1) - return(1) - End A + --Change the PASSWORD-- the UpdateMaster.dbo.sysxlogins - SetPassword= Convert(varbinary( the), Pwdencrypt (@new)), Xdate2= getdate(), Xstatus=Xstatus&(~2048) $ whereName= @loginame andSrvid is NULL the the --UPDATE PROTECTION TIMESTAMP for MASTER DB, to indicate SYSLOGINS change-- the exec('Use Master Grant all to NULL') the - --Finalization:return success/failure-- in if @ @error <> 0 the return(1) the RAISERROR(15478,-1,-1) About return(0)--sp_password
View Code
After the command executes successfully, the SA password is null and can go to Enterprise Manager-Security-sa-write a new password;
This time the virus invaded because the SA password is too simple 123456 similar, warning!
SQL2000 database password is replaced, reset password hint failed to find stored procedure sp_password solution