DEF CON SQL
Published 12 August 2013 8:14 pm
On Saturday July 27 2013, 10:37 AM EST, I was sitting with a small clan of DBAs at the SQL Saturday in Cocoa Beach, Florida (you know, the place where actual rocket scientists live and work). A colleague had a serious issue with his laptop, on which was critical information for the event. Somehow, inexplicably, his password seemed to have changed, or was no longer recognized, and he could not log in. He enlisted us to fix the problem. The hacking session that ensued, to break past the Windows login prompt, had nothing at all to do with SQL, but reminded me of some very valuable lessons for every DBA.
We didn’t know whether the problem was due to some malicious rootkit or simply an oversight by our colleague, but we rolled quickly through some preliminary checks to rule out obvious issues such as Scroll or Caps Lock enabled. One of our team retrieved a spare Apple USB keyboard in order to disprove a general keyboard malfunction.
Next, we tried a few “old school” Windows troubleshooting techniques that took me back to my Win NT 3.51 days. We tried several reboots, selecting various options such as “boot to last known good”, booting to Safe Mode, and repairing the installation. We also managed to access the BIOS and snoop around hoping an obvious disabled option would jump out at us that we could simply re-enable; no such luck.
Looks of grim determination settled on a few faces. Others rolled up their sleeves. It was time for some serious hacking, and we were going to need more hardware. A few of the team returned quickly with enough gadgets to satisfy any Netflix B-movie thriller. There was a laptop hard drive to USB cable converter, a computer toolkit, several bootable USB thumb drives, a CD-ROM burner and 10 blank CD-ROMs. Meanwhile, the rest of us hit the Internet, referencing various useful websites one or another of us had heard about, such as ninite.com and sysinternals.com, and downloading any useful software we could find, including a tool called RootkitRevealer, which might come in handy if indeed there was invasive code installed.
We attached the bootable USB drive but, annoyingly, the laptop would not recognize it. We tried burning a bootable CD-ROM but the first two times, it failed. Despite these roadblocks, and the urgency of the situation, I have to admit, I was having fun, getting as excited as I once did back when I was a server admin, lurking late into the night on the Korn shell asking, “who am I”. There was also camaraderie in the face of adversity, some amusing banter, and a few corny jokes flying around, one or two of which even raised a collective laugh.
On the third attempt, we found the correct procedure to make the CD bootable (by choosing to “burn” and not “copy” the ISO image). We put the disc in the laptop, restarted, saw the program load up in Linux, followed a few onscreen instructions to clear the password and just like that, we were in.
I held the laptop over our heads, proudly displaying a Start button (yes, this was Windows 7 Home Edition), to thunderous applause from the throng of sponsors and attendees. The final tool we used was one familiar to all DBAs, server and network admins: the black Sharpie. With it, I wrote on the CD the words “Windows NT Password Recovery Tool”.
So what were the DBA lessons?
#1 – At various points in your career, there will be an inexplicable but calamitous occurrence that is going to require you to spend as much time as it takes, and do things you do not want to do, to resolve the problem.
#2 – Use the full resources of your team. Individually, not one of us had the necessary tools or knowledge to solve the problem, but collectively we were prepared.
#3 – If you are going to work on stressful tasks with tight deadlines, unknown outcomes, long hours and high stakes, make sure to surround yourself with interesting people who will chuckle at your dumb jokes.
(This entry originally appeared in the August 5th, 2013 edition of Database Weekly)