where do you find the “master.dbo.sysdatabases”
python3 /usr/share/doc/python3-impacket/examples/mssqlclient.py backdoor@10.129.38.38 -windows-auth
Impacket v0.9.24 - Copyright 2021 SecureAuth Corporation
Password:
[*] Encryption required, switching to TLS
[-] module ‘lib’ has no attribute ‘SSL_CTX_set_ecdh_auto’
what is the solution for this?
Just like this, you know when you try an nmap, the port 3389 RDP is already open, just connect on the server windows with remmina and after that you are physically on device
hey everyone im having trouble running mssqlclient.py i keep getting errors and have changed the code and redownloaded impacket and still having issues
‘’’
└─$ mssqlclient.py
File “/usr/local/bin/mssqlclient.py”, line 37
print “”"
^^^^^^^^^
SyntaxError: Missing parentheses in call to ‘print’. Did you mean print(…)?
‘’’
Hello everyone,
I am stuck with the second question. I connect successfully to the server, but queries do not work> When I type the query, server does not return name of the database. Could you help me, please?
I used following commands ;
SELECT name FROM master.dbo.sysdatabases;
SELECT name FROM sysdatabases;
hey folks, if anyone downloaded the standalone script mssqlclient.py directly from GitHub he will have a problem to not see the query result instead use
python3 /usr/share/doc/python3-impacket/examples/mssqlclient.py backdoor:Password1@10.129.104.196
-windows-auth
if you use kali or download the repo
3 Likes
Thank you! I was going crazy trying to figure out why select name from sys.databases or enum.db weren’t working and only gave blank results.
Thanks!
Hi!
I did the next:
-
Modify the tds.py file on /usr/local/lib/python3.11/dist-packages/impacket/
Replace: ctx = SSL.Context(SSL.TLSv1_METHOD) For: ctx = SSL.Context(SSL.TLSv1_2_METHOD) on lines 666 and line 875. (Remember use sudo) -
run python3 /usr/local/bin/mssqlclient.py < user > : < pass > @ < IP > -windows-auth
This work for me.
$ python3 /usr/share/doc/python3-impacket/examples/mssqlclient.py backdoor:Password1@10.129.230.249 -windows-auth
Traceback (most recent call last):
File “/usr/share/doc/python3-impacket/examples/mssqlclient.py”, line 25, in
from impacket.examples.mssqlshell import SQLSHELL
ModuleNotFoundError: No module named ‘impacket.examples.mssqlshell’
getting error: -
ModuleNotFoundError: No module named ‘impacket.examples.mssqlshell’
any suggestion or help ??
I keep getting this, where do i get mssqlclient.py??
Found it
run python3 /usr/local/bin/mssqlclient.py user:pass@TargetIP -windows-auth
That credentials are correct. You could try look on sweet cheat and use the HTB machine.
I lost hours using my own pc…
SQL (ILF-SQL-01\backdoor dbo@master)> select name from sys.databases
I got to this point, but I’m not getting any results from here.
lcd {path} - changes the current local directory to {path}
exit - terminates the server process (and this session)
enable_xp_cmdshell - you know what it means
disable_xp_cmdshell - you know what it means
enum_db - enum databases
enum_links - enum linked servers
enum_impersonate - check logins that can be impersonate
enum_logins - enum login users
enum_users - enum current db users
enum_owner - enum db owner
exec_as_user {user} - impersonate with execute as user
exec_as_login {login} - impersonate with execute as login
xp_cmdshell {cmd} - executes cmd using xp_cmdshell
xp_dirtree {path} - executes xp_dirtree on the path
sp_start_job {cmd} - executes cmd using the sql server agent (blind)
use_link {link} - linked server to use (set use_link localhost to go back to local or use_link … to get back one step)
! {cmd} - executes a local shell cmd
show_query - show query
mask_query - mask query
when I put in the comands from the help list I get booted out of the system.
use the full-path of mssqlclient.py