4

I have a customer that has an old non-existant application; he had a problem with the company that made the application and they won't disclose his database password. He realized that he signed a contract (back then) where it said that he was sort of "renting" the application and they had no right to disclose anything. This customer found out that he's not the only one with the same problem with that company. He's a Dentist and other dentists with the same old application experienced the same problems when trying to buy a new software and attempted to migrate their patients to the new system.

In either case, he wants to open his little firebird database, so we can at least extract some data to our SQL Servers. I have tried with the default 'masterkey' (which is, in fact, 'masterke' due to the 8 char limit) to no avail.

Now I know he could go legal and try to force the company to release his information, but I want to do it the short way. Does anybody know an app that can brute force/crack a legacy Firebird password?

Thanks.

EDIT: The legacy software is "STOMA-W", I cannot even find it on Internet. They are located in Asturias, Spain.

Wolf
  • 8,482
  • 7
  • 48
  • 92
Martin Marconcini
  • 23,346
  • 18
  • 98
  • 135
  • 1
    If you have access to the database file you can move it to a server where "masterkey" gives you full SYSDBA access to the database, can't you? – mghie Mar 26 '09 at 11:54

3 Answers3

8

Firebird does not (yet) store passwords inside the database file.
With this in mind, move the database file to another server where the sysdba password is known.

Douglas Tosi
  • 2,232
  • 2
  • 18
  • 18
  • I really don't know what to do with the file. I have tried a few programs that recognize the file as a database, and prompt me for a password. But I can't get past that. Can you suggest me a tutorial how to move this little file a put it in a server where i have full SYSDBA? Thanks. – Martin Marconcini Apr 17 '09 at 09:36
  • Only Firebird Server will recognize the file. You have to use a client (ie isql) to access the database *through* firebird. I'm not really sure what you're trying to do with the file. This is pretty basic stuff. Try googling "getting started firebird". – Douglas Tosi Apr 17 '09 at 14:16
4

Old Interbase and Firebird had hardcoded backdoor password you might want to try:

user: politically pass: correct

http://www.theregister.co.uk/2001/01/12/borland_interbase_backdoor_exposed

avra
  • 3,671
  • 16
  • 19
1

Provided not for the SYSDBA account, you may reset forgotten passwords for users with FlameRobin. After registering the database server on your localhost, use the Manage users... function in the context menu:

enter user management with flame robin

Here you get a list of users with options to delete or view/modify properties. If you click on the properties icon, you enter this dialogue where you simply enter the new password twice:

enter image description here

There is also IBConsole which comes packaged with the InterBase/Firebird SDK. It has similar functions.

Wolf
  • 8,482
  • 7
  • 48
  • 92