When runnin python3 mssqlclient.py ARCHETYPE/sql_svc:M3g4c0rp123@10.129.252.27 -windows-auth
I get
[*] Encryption required, switching to TLS
[-] [(‘SSL routines’, ‘’, ‘legacy sigalg disallowed or unsupported’)]
Impacket v0.10.0
Python 3.10.6
Any idea, I’ve tried doing research it seems something to do with SSL
Ubuntu 22.04
Had the same issue. Ubuntu 22.04 upgraded OpenSSL to version 3.0.2, which is more strict in its security policies.
I’ve tried to edit /etc/ssl/openssl.cnf, but ended up using a dedicated docker for impacket which worked well for me.
Try running the strace to identify the right configuration file:
mssqlclient.py “$USER:$PASS@$TARGET_IP” -port 1433 -windows-auth 2>&1 | grep -E “/etc|.cnf|.conf|.config”
In Fedora:
/etc/pki/tls/openssl.cnf (includes opensslcnf.config)
/etc/crypto-policies/back-ends/opensslcnf.config
/etc/crypto-policies/back-ends/openssl.config
There is probably better way, but taking the CipherString from @SECLEVEL=2 to @SECLEVEL=1 makes the mssqlclient work again.
In case the solution provided by rebus is still erroring out, I’ve found a working solution.
If you have an older version of Impacket, purge it, then delete all of the python files within /usr/bin.
Once done, install v0.10.0 via the following link: GitHub - fortra/impacket: Impacket is a collection of Python classes for working with network protocols.
Then create you a new openssl.cnf file in a new directory (such as folder with the box name). Within the file, add the following contents:
openssl_conf = default_conf
[ default_conf ]
ssl_conf = ssl_sect
[ssl_sect]
system_default = system_default_sect
[system_default_sect]
MinProtocol = TLSv1
CipherString = DEFAULT:@SECLEVEL=0
Now while using the mssqlclient command, pre-pend the following command: OPENSSL_CONF=./name of file.cnf
Also don’t forget to append -windows-auth at the end
My full version of the command is as follows: OPENSSL_CONF=./openssl.cnf
mssqlclient.py ARCHETYPE/:@ -windows-auth