tags:

views:

1023

answers:

2
+2  Q: 

Finding a legacy firebird/Interbase database password

Hi,

I have a customer that has an old non-existant application; he had a problem with the company that made the application and they won't disclose his database password. He realized that he signed a contract (back then) where it said that he was sort of "renting" the application and they had no right to disclose anything. This customer found out that he's not the only one with the same problem with that company. He's a Dentist and other dentists with the same old application experienced the same problems when trying to buy a new software and attempted to migrate their patients to the new system.

In either case, he wants to open his little firebird database, so we can at least extract some data to our SQL Servers. I have tried with the default 'masterkey' (which is, in fact, 'masterke' due to the 8 char limit) to no avail.

Now I know he could go legal and try to force the company to release his information, but I want to do it the short way. Does anybody know an app that can brute force/crack a legacy Firebird password?

Thanks.

EDIT: The legacy software is "STOMA-W", I cannot even find it on Internet. They are located in Asturias, Spain.

+5  A: 

Firebird does not (yet) store passwords inside the database file.
With this in mind, move the database file to another server where the sysdba password is known.

Douglas Tosi  2009-03-26 12:18:07
I really don't know what to do with the file. I have tried a few programs that recognize the file as a database, and prompt me for a password. But I can't get past that.Can you suggest me a tutorial how to move this little file a put it in a server where i have full SYSDBA?Thanks.
Martín Marconcini  2009-04-17 09:36:14
Only Firebird Server will recognize the file. You have to use a client (ie isql) to access the database *through* firebird. I'm not really sure what you're trying to do with the file. This is pretty basic stuff. Try googling "getting started firebird".
Douglas Tosi  2009-04-17 14:16:03
+1  A: 

On the off chance you can get to a prompt which shows the masked password, ie. password shows as "********" in a text box, you can use Snadboy's revelation to get at this password.

 2009-04-03 14:47:01

related questions

What are some good security questions?
What's a good alternative to security questions?
Protect embedded password
How do you generate passwords?
Should I impose a maximum length on passwords?
How best to generate a random string in Ruby
What is the best way to check the strength of a password?
In a client-server application: How to send to the DB the user's application password?
How does your company manage credentials?
Replacing plain text password for app
How to implement password protection for individual files?
Password generation, best practice
Unique key generation
Generating Random Passwords
Oracle lost sysdba password
How does one decrypt a PDF with an owner password, but no user password?
Storing Windows passwords.
How do I avoid having the database password stored in plaintext in sourcecode?
How do I write Firefox add-on that automatically enters proxy passwords?
How to store passwords in Winforms application?
Two-way password encryption without ssl
Disable browser 'Save Password' functionality
Simple password encryption
Best way to store a database password in a startup script / config file?
Encrypting Passwords