Comment on page
Extract MSSQL Link Password

Step 1: Get Local Instances

Local Instances on the system
Step 2 : Get the current User

Getting the current user name
Step 3: Get the version

Step 4: Check if you can impersonate sa

Step 5: Enable DAC

Step 6: Check if port 1434 is enabled
Step 7: If you dont see 1434 enabled see below
Step 8: Check if you have -T7806 in SQL Args. If you dont see below

Step 9 : Add SQLArg3 as -T7806
New-ItemProperty -Path "HKLM:\SOFTWARE\Microsoft\Microsoft SQL Server\MSSQL15.SQLEXPRESS\MSSQLServer\Parameters\" -Name "SQLArg3" -Value "-T7806" -PropertyType "String"

Step 10: Check if you have SQLBrowser running
Get-Service | Where {$_.Name -Like "*SQLBROWSER*"}


Step 11: Check if you have named pipes enabled

Set-ItemProperty "HKLM:\Software\Microsoft\Microsoft SQL Server\MSSQL15.SQLEXPRESS\MSSQLServer\SuperSocketNetLib\Np\" -Name Enabled -Value 1 -Type DWord

Step 12: Restart the services

Step 13: Check if UDP port 1434 is now enabled

Extract the Link Password

Reference:
Create SA account
Last modified 2yr ago