Comment on page
Extract MSSQL Link Password

​
​
Step 1: Get Local Instances 
Local Instances on the system
Step 2 : Get the current User
Getting the current user name
Step 3: Get the version 
Step 4: Check if you can impersonate sa
Step 5: Enable DAC
Step 6: Check if port 1434 is enabled
Step 7: If you dont see 1434 enabled see below
Step 8: Check if you have  -T7806 in SQL Args. If you dont see below
Step 9 : Add SQLArg3 as -T7806
New-ItemProperty -Path "HKLM:\SOFTWARE\Microsoft\Microsoft SQL Server\MSSQL15.SQLEXPRESS\MSSQLServer\Parameters\" -Name "SQLArg3" -Value "-T7806"  -PropertyType "String"
Step 10: Check if you have SQLBrowser running 
Get-Service | Where {$_.Name -Like "*SQLBROWSER*"}
Step 11: Check if you have named pipes enabled
Set-ItemProperty "HKLM:\Software\Microsoft\Microsoft SQL Server\MSSQL15.SQLEXPRESS\MSSQLServer\SuperSocketNetLib\Np\" -Name Enabled -Value 1 -Type DWord
Step 12: Restart the services
Step 13: Check if UDP port  1434 is now enabled 
Extract the Link Password 
​
Reference:
Troubleshooting the SQL Server Dedicated Administrator Connection
mssqltips
Enabling admin connection on SQL Server Express to fix logon trigger
Database Administrators Stack Exchange
Create SA account 
How to enable sa Account in SQL Server?
SQL.... Still Learning
Automatically enable Named Pipes & TCP/IP protocols SQL Server 2008 R2
Stack Overflow
Red Team - Previous
Database
MSSQL Link Crawl - OpenQuery Quotes Calculator
Last modified 2yr ago