I have a situation where I can log into my server as guest, and see that there is no password on the sa account. However when I try to login as sa with null password over the network it is rejected.
My question is, since there is no sa password, how can I do the equivalent of a unix sudo or su command, while logged in as guest? I looked into runas and changing passwords but guest lacks the very privilege I am trying to gain. (‘alter login sa..’ doesn’t work.)
Also, why does the server refuses login when there is no sa password?
This is SQL Server 2012 SP1 Web edition 64-bit 11.0.3153.0.
For example, there is a command in MySQL called
change_user. This command can be used as the name suggests to change a user during a MySQL session. There may be a way to do this in SQL Server but I am not a SQL Server expert so I seek more experienced input.
When signed in under the guest account, you have very few privileges by default. The
sa password is displayed as blank because you do not have the necessary rights to view it. Disabling the guest account is a security best practice, where it is not required.
sa password is almost certainly not blank. SQL Server does not allow a blank
sa password since the 2005 release.
SQL Server does provide a way to impersonate another login or user (assuming you have sufficient rights). See
EXECUTE AS (Transact-SQL) for details.
You are basically asking if there is a way to do an escalation of privileges without proper authorization. The answer is obviously NO, there is not.
If you need to gain administrative access to an instance on which local administrators are locked out follow the procedure described in Connect to SQL Server When System Administrators Are Locked Out. As a local administrator you can then grant all necessary privileges to the authorized users.