Hack yourself in to get sysadmin rights on a sql server

Daar we hier op ons project geen enkele account met sysadmin-access hebben op de sql servers (die zijn overgekocht van het andere bedrijf), moest deze morgen alles even “gehacked” worden om toch volledige toegang te krijgen.

Problem: you don’t have sysadmin access to a sql server
you need: a recent backup from the master database + a normal sql user account

1. Restore that recent backup on another sql server with another name
2. open table sysxlogins in the master database and change the xstatus-column to 18 for a known user-account.
status 18 = binair 10010 = you get sysadmin permission + you get access (see read more for more options)

3. dettach this database from the server and copy the master.mdf and mastlog.ldf file to the locked sql server
4. On the locked server you have to stop the sql server service and overwrite the original master.mdf and mastlog.ldf files
5. Startup the service again and log in with the known useraccount and you will see that you have now sysadmin access on that server!

xstatus column
Purpose Bit Description
denylogin 1 Indicates whether the login account is permitted access to the server.
hasaccess 2 Indicates whether the login account is permitted access to the server.
isntname 3 Is the name a Windows NT account name?
isntuser 4 Is the account a Windows NT user account?
sysadmin 5
0 = not a member
1 = is a member
securityadmin 6
serveradmin 7
setupadmin 8
processadmin 9
diskadmin 10
dbcreator 11
bulkadmin 12

Herman Maes - online marketeer DPO freelancer


Marketing strateeg en docent (Thomas More/UHasselt). Sinds 2002 reeds techblogger. Freelancer vanuit Dailybits rond SEO/HubSpot/Marketing strategie/GDPR/... en daarnaast ook gewoon papa thuis.