MSSQL – Find Weak Password in DB with export to CSV

Last updated on November 17th, 2019 at 10:15 am

1. Create a batch script such as ‘Find_TradeServer_WeakPass.bat’ and place it on either the SQL server or a remote server.

2. Insert the following commands:

Option 1: Local SQL server with Windows Authentication

Example A: (specific role Manager, password length <8, only numerics)

sqlcmd -S 127.0.0.1 -d TradeServer -E -Q "select ALL [LoginID] ,[Password] ,[LoginType] FROM [TradeServer].[dbo].[UserLogin] WHERE LoginType='Manager' AND LEN(Password) <=8 AND ISNUMERIC (Password)=1" -o "C:\WeakPass-Numerics.csv" -s","

 

Example B: (specific role Manager, password length <8, only letters)

sqlcmd -S 127.0.0.1 -d TradeServer -E -Q "select ALL [LoginID] ,[Password] ,[LoginType] FROM [TradeServer].[dbo].[UserLogin] WHERE LoginType='Manager' AND LEN(Password) <=8 AND Password NOT LIKE '%[^a-z]%'" -o "C:\WeakPass-Letters.csv" -s","

 

Option 2: Remote server with DB credentials and access to SQL server

Insert the following commands:

Example A: (specific role of users, password length <8, only numerics)

sqlcmd -S 10.0.0.201 -U sa -P yourpass -d TradeServer -Q "select ALL [LoginID] ,[Password] ,[LoginType] FROM [TradeServer].[dbo].[UserLogin] WHERE LoginType='Manager' AND LEN(Password) <=8 AND ISNUMERIC (Password)=1" -o "C:\WeakPass-Numerics.csv" -s","

 

Example B: (specific role of users, password length <8, only letters)

sqlcmd -S 10.0.0.201 -U sa -P yourpass -d TradeServer -Q "select ALL [LoginID] ,[Password] ,[LoginType] FROM [TradeServer].[dbo].[UserLogin] WHERE LoginType='Manager' AND LEN(Password) <=8 AND Password NOT LIKE '%[^a-z]%'" -o "C:\WeakPass-Letters.csv" -s","

 

3. Run the script as admin

4. When finished, check the .csv files in the output path (C:\) and ensure you see the net info; it should look like this (Example A):
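An added example, not part of the original post and not the output referred to above: one T-SQL batch that classifies short Manager passwords by character class and reports only the account, length and class, so the exported file does not carry the passwords themselves. The table variable and its rows are constructed stand-ins for [TradeServer].[dbo].[UserLogin]; the column names come from the commands above, and the Latin1_General_BIN collation is an assumption chosen so that the character ranges match by code point.

```sql
-- Constructed sample rows standing in for [TradeServer].[dbo].[UserLogin].
DECLARE @UserLogin TABLE (
    LoginID    varchar(32),
    [Password] varchar(64),
    LoginType  varchar(16)
);

INSERT INTO @UserLogin (LoginID, [Password], LoginType) VALUES
    ('mgr01', '12345678',            'Manager'),  -- digits only
    ('mgr02', 'qwerty',              'Manager'),  -- letters only
    ('mgr03', '$100',                'Manager'),  -- ISNUMERIC accepts currency symbols
    ('mgr04', '1e5',                 'Manager'),  -- ISNUMERIC accepts float notation
    ('mgr05', 'Tr4de!x',             'Manager'),  -- short, mixed character classes
    ('mgr06', 'correcthorsebattery', 'Manager'),  -- longer than 8, filtered out
    ('usr01', '1111',                'Client');   -- other role, filtered out

SELECT
    LoginID,
    LoginType,
    LEN([Password])       AS PasswordLength,
    -- Shown only for comparison with the strict digit test below.
    ISNUMERIC([Password]) AS IsNumericResult,
    CASE
        WHEN [Password] = '' THEN 'empty'
        -- "No character outside 0-9" means every character is a digit.
        WHEN [Password] COLLATE Latin1_General_BIN NOT LIKE '%[^0-9]%'
            THEN 'digits only'
        -- The same double negative restricted to ASCII letters.
        WHEN [Password] COLLATE Latin1_General_BIN NOT LIKE '%[^a-zA-Z]%'
            THEN 'letters only'
        ELSE 'mixed'
    END                   AS CharClass
FROM @UserLogin
WHERE LoginType = 'Manager'
  AND LEN([Password]) <= 8
ORDER BY LoginID;
```

To run it against the real table, replace @UserLogin in the FROM clause with [TradeServer].[dbo].[UserLogin], save the batch to a file, and pass it to sqlcmd with -i in place of -Q.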