Need some help with the first question in the Attacking SQL database.
I have no clue how to get the mssql password. I have looked at all the DBs and I do not have access to the flagDB or hmaildb. Have no clue how to move forward on this section. Any help would be appreciated.
Try one of the approaches mentioned in the text in that chapter. It has to do with undocumented stored procedures. Try those and I’m sure you’ll figure it out.
Try sqsh (doesn’t work on Pwnbox, so VPN in from your own Linux machine); that did the trick for me. I always hate it when you get sidetracked with unclear ‘execution’ things, but if you have the right password it should work.
Bro, I am lost haha… I think I am overlooking something here. Would y’all be able to give me another nugget? I have tried looking through the DB; however, I am unable to find the users table. However, I have found
1> SELECT * FROM syslogins
2> go
and
SELECT name, password FROM master..syslogins
go
however, I am unable to find much of use. I have tried enumerating the other ports, and I might be missing something throughout the ports.
I will be looking into RDP. Hopefully I find something?
For anyone still working on this, here are notes and hints (uncover as you progress).
NOTE:
I managed to log in with the htbdbuser only with the sqlcmd tool
HINT:
$ sqlcmd -S <IP> -U htbdbuser followed by the passwd.
As @ST_oma mentioned, look into undocumented stored procedures for the mssqlsvc password
NOTE:
If you have the password for mssqlsvc – I had to connect remotely from VPN because sqsh is not working properly on the Pwnbox. So establish the VPN and try it from your PC.
HINT:
Notice that the password obtained is not a local database password but an NTLM password. Meaning this password is for the user that’s on the OS, NOT directly on the database.
You can force the sqsh to use Windows Authentication, just look closely into the module text.
Check impacket mssqlclient, esp the command help once you’re connected. It has some nice added functionalities / shortcuts for most of the techniques taught in this chapter (easy activation of xp_cmdshell, enumeration of users that you can impersonate, links, etc.).
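Added example, not taken from any post in this thread: a read-only T-SQL audit of the same surface those mssqlclient shortcuts touch (xp_cmdshell state, impersonation grants, linked servers, sysadmin membership), useful for checking a server after a lab like this or during a hardening review. It assumes you are connected as a login with VIEW SERVER STATE or sysadmin rights; the final two statements are the remediation for the first finding and do change configuration.

```sql
-- 1. Dangerous server options: value_in_use = 1 means enabled.
SELECT name, value_in_use
FROM sys.configurations
WHERE name IN ('xp_cmdshell', 'Ole Automation Procedures', 'Ad Hoc Distributed Queries');

-- 2. Who may impersonate whom at the server level (EXECUTE AS LOGIN).
--    class 101 = SERVER_PRINCIPAL, so major_id is the impersonated login.
SELECT pe.state_desc, grantee.name AS grantee, target.name AS can_impersonate
FROM sys.server_permissions AS pe
JOIN sys.server_principals AS grantee ON pe.grantee_principal_id = grantee.principal_id
JOIN sys.server_principals AS target  ON pe.major_id = target.principal_id
WHERE pe.class = 101
  AND pe.permission_name = 'IMPERSONATE';

-- 3. Linked servers and the credential mapping each one uses.
--    uses_self_credential = 1 means the caller's own login is forwarded.
SELECT s.name, s.data_source, ll.remote_name, ll.uses_self_credential
FROM sys.servers AS s
LEFT JOIN sys.linked_logins AS ll ON s.server_id = ll.server_id
WHERE s.is_linked = 1;

-- 4. Members of sysadmin; service accounts in this list are the high-value ones.
SELECT m.name AS member, m.type_desc
FROM sys.server_role_members AS rm
JOIN sys.server_principals AS r ON rm.role_principal_id = r.principal_id
JOIN sys.server_principals AS m ON rm.member_principal_id = m.principal_id
WHERE r.name = 'sysadmin';

-- 5. Remediation for finding 1: turn xp_cmdshell back off.
--    'show advanced options' must be 1 before xp_cmdshell can be changed.
EXEC sp_configure 'show advanced options', 1; RECONFIGURE;
EXEC sp_configure 'xp_cmdshell', 0;           RECONFIGURE;
```

Any non-empty result from queries 2 or 3 is the path an attacker with a low-privileged login would use to escalate or move to another instance, so each row should map to a documented business need.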
Read this if you are using Impacket’s mssqlclient and can’t login as the mssqlsvc user and are getting the error “Login failed. The login is from an untrusted domain and cannot be used with Integrated authentication.”
DO NOT put the .\ or WIN-02\ in front of the username, leave it as user@host, but you DO need another option for Windows auth, check the help menu for that