# Extract MSSQL Link Password

![](https://2978447173-files.gitbook.io/~/files/v0/b/gitbook-legacy-files/o/assets%2F-MDtkWzdvgRTZWDjfsGa%2F-MTKBDzhA28INzL1ceI6%2F-MTKJbmz5LFJo_NiOuRU%2Fimage.png?alt=media\&token=658cf8fb-a9a2-4040-8209-fa69a8f7fbc3)

Step 1: Get Local Instances 

![Local Instances on the system](https://2978447173-files.gitbook.io/~/files/v0/b/gitbook-legacy-files/o/assets%2F-MDtkWzdvgRTZWDjfsGa%2F-MTKBDzhA28INzL1ceI6%2F-MTKD0QucAn7uZczVGYw%2Fimage.png?alt=media\&token=45a4dc28-8896-4980-a38b-2a91f4b119fd)

Step 2 : Get the current User

![Getting the current user name](https://2978447173-files.gitbook.io/~/files/v0/b/gitbook-legacy-files/o/assets%2F-MDtkWzdvgRTZWDjfsGa%2F-MTKBDzhA28INzL1ceI6%2F-MTKEYJF1B5K3kG0FMWq%2Fimage.png?alt=media\&token=e8f0745e-51ba-4816-8c23-bdedd72b5ff7)

Step 3: Get the version 

![](https://2978447173-files.gitbook.io/~/files/v0/b/gitbook-legacy-files/o/assets%2F-MDtkWzdvgRTZWDjfsGa%2F-MTKBDzhA28INzL1ceI6%2F-MTKFrLDvlEH4t-srEg6%2Fimage.png?alt=media\&token=8e158b83-3671-49f0-9f9e-484076311f03)

Step 4: Check if you can impersonate sa

![](https://2978447173-files.gitbook.io/~/files/v0/b/gitbook-legacy-files/o/assets%2F-MDtkWzdvgRTZWDjfsGa%2F-MTKBDzhA28INzL1ceI6%2F-MTKGzHjpiOyQV88jXz2%2Fimage.png?alt=media\&token=230f0d58-1673-4397-893a-ccc08705e233)

Step 5: Enable DAC

![](https://2978447173-files.gitbook.io/~/files/v0/b/gitbook-legacy-files/o/assets%2F-MDtkWzdvgRTZWDjfsGa%2F-MTKBDzhA28INzL1ceI6%2F-MTKJ0DbY0n0pKOBiXEa%2Fimage.png?alt=media\&token=3e10e090-78b2-400a-8511-47ebc7016e68)

Step 6: Check if port 1434 is enabled

Step 7: If you dont see 1434 enabled see below

Step 8: Check if you have  **-T7806 in SQL Args. If you dont see below**

![](https://2978447173-files.gitbook.io/~/files/v0/b/gitbook-legacy-files/o/assets%2F-MDtkWzdvgRTZWDjfsGa%2F-MTKBDzhA28INzL1ceI6%2F-MTKMa9gKObbZN52XMEP%2Fimage.png?alt=media\&token=7fd3897b-8502-4591-a8a0-a29c8bef08ed)

Step 9 : Add SQLArg3 as -T7806

```
New-ItemProperty -Path "HKLM:\SOFTWARE\Microsoft\Microsoft SQL Server\MSSQL15.SQLEXPRESS\MSSQLServer\Parameters\" -Name "SQLArg3" -Value "-T7806"  -PropertyType "String"
```

![](https://2978447173-files.gitbook.io/~/files/v0/b/gitbook-legacy-files/o/assets%2F-MDtkWzdvgRTZWDjfsGa%2F-MTKBDzhA28INzL1ceI6%2F-MTKOlyu4s9a1ATWe1_6%2Fimage.png?alt=media\&token=0d41fc87-4bc5-4b72-a671-725cb3c0c844)

Step 10: Check if you have SQLBrowser running 

```
Get-Service | Where {$_.Name -Like "*SQLBROWSER*"}
```

![](https://2978447173-files.gitbook.io/~/files/v0/b/gitbook-legacy-files/o/assets%2F-MDtkWzdvgRTZWDjfsGa%2F-MTKBDzhA28INzL1ceI6%2F-MTKPsOe-vEayX2jXgev%2Fimage.png?alt=media\&token=4cd4edf1-38aa-4d65-8a19-cb98e100f07b)

![](https://2978447173-files.gitbook.io/~/files/v0/b/gitbook-legacy-files/o/assets%2F-MDtkWzdvgRTZWDjfsGa%2F-MTKBDzhA28INzL1ceI6%2F-MTKRXNe14_Bqvg7izzy%2Fimage.png?alt=media\&token=89b704f3-cae6-41fd-b707-7456f789d590)

Step 11: Check if you have named pipes enabled

![](https://2978447173-files.gitbook.io/~/files/v0/b/gitbook-legacy-files/o/assets%2F-MDtkWzdvgRTZWDjfsGa%2F-MTKBDzhA28INzL1ceI6%2F-MTKUmtwRW8XhMGz7W0M%2Fimage.png?alt=media\&token=70dfa389-ff1a-483c-b479-1d10e53888c8)

```
Set-ItemProperty "HKLM:\Software\Microsoft\Microsoft SQL Server\MSSQL15.SQLEXPRESS\MSSQLServer\SuperSocketNetLib\Np\" -Name Enabled -Value 1 -Type DWord
```

![](https://2978447173-files.gitbook.io/~/files/v0/b/gitbook-legacy-files/o/assets%2F-MDtkWzdvgRTZWDjfsGa%2F-MTKBDzhA28INzL1ceI6%2F-MTKWa0_kMI4nqCOxd89%2Fimage.png?alt=media\&token=5bd49c46-215b-4cda-8dbb-f9729039101f)

Step 12: Restart the services

![](https://2978447173-files.gitbook.io/~/files/v0/b/gitbook-legacy-files/o/assets%2F-MDtkWzdvgRTZWDjfsGa%2F-MTKBDzhA28INzL1ceI6%2F-MTK_4ZZX2uEeP8G-sb6%2Fimage.png?alt=media\&token=6558945e-56e0-4e42-999c-955c4fb366e1)

Step 13: Check if UDP port  1434 is now enabled 

![](https://2978447173-files.gitbook.io/~/files/v0/b/gitbook-legacy-files/o/assets%2F-MDtkWzdvgRTZWDjfsGa%2F-MTKBDzhA28INzL1ceI6%2F-MTKaDe6xqZHsy45z3qW%2Fimage.png?alt=media\&token=e583f8d8-753d-4782-9594-65f814397e96)

Extract the Link Password 

![](https://2978447173-files.gitbook.io/~/files/v0/b/gitbook-legacy-files/o/assets%2F-MDtkWzdvgRTZWDjfsGa%2F-MTKBDzhA28INzL1ceI6%2F-MTKfPghEFQTBt_hfMim%2Fimage.png?alt=media\&token=766b47f5-5ab7-435e-9372-304f0394da3b)

Reference:

{% embed url="<https://www.mssqltips.com/sqlservertip/5364/troubleshooting-the-sql-server-dedicated-administrator-connection/>" %}

{% embed url="<https://dba.stackexchange.com/questions/200499/enabling-admin-connection-on-sql-server-express-to-fix-logon-trigger>" %}

Create SA account&#x20;

{% embed url="<https://sudeeptaganguly.wordpress.com/2010/04/20/how-to-enable-sa-account-in-sql-server/>" %}

{% embed url="<https://stackoverflow.com/questions/11343606/automatically-enable-named-pipes-tcp-ip-protocols-sql-server-2008-r2>" %}