Links

Extract MSSQL Link Password

Step 1: Get Local Instances
Local Instances on the system
Step 2 : Get the current User
Getting the current user name
Step 3: Get the version
Step 4: Check if you can impersonate sa
Step 5: Enable DAC
Step 6: Check if port 1434 is enabled
Step 7: If you dont see 1434 enabled see below
Step 8: Check if you have -T7806 in SQL Args. If you dont see below
Step 9 : Add SQLArg3 as -T7806
New-ItemProperty -Path "HKLM:\SOFTWARE\Microsoft\Microsoft SQL Server\MSSQL15.SQLEXPRESS\MSSQLServer\Parameters\" -Name "SQLArg3" -Value "-T7806" -PropertyType "String"
Step 10: Check if you have SQLBrowser running
Get-Service | Where {$_.Name -Like "*SQLBROWSER*"}
Step 11: Check if you have named pipes enabled
Set-ItemProperty "HKLM:\Software\Microsoft\Microsoft SQL Server\MSSQL15.SQLEXPRESS\MSSQLServer\SuperSocketNetLib\Np\" -Name Enabled -Value 1 -Type DWord
Step 12: Restart the services
Step 13: Check if UDP port 1434 is now enabled
Extract the Link Password
Reference:
Create SA account