Hi,
I’m having trouble getting into the flagDB database. I was able to get hash and password for the mssqlsvc user, but I cannot login. I found that the owner of flagDB is WINSRV02\Administrator. I think I need to find a hash for this user as well, but I am not sure how. I did not find anything in the accessible DBs.
Do you have any hint. please? Thanks!
Hi man did you find the way for the flagDB ?
To login with the user “mssqlsvc” you need to specify in the command that you want to use Windows authentication. In the cheatsheet is the command.
2 Likes
Thanks for the help. Not sure how we were meant to know how to do that from what’s provided in the course material? Seems a lot of these tasks are trial and error. Sqsh isn’t even installed on this box so used impackets mssqlclient as a work-around
Im stuck here as well.... I cant do nothing with the flagdb with mssqlsvc account…
Hi,
im am stuck at the login part with the user mssqlsvc.
- i got the Hash
- i cracked the Hash
- i got the password
- i tried to login via "sqsh -S 10.129.61.148 -U WIN-02\mssqlsvc -P ‘xxxxx’ -h
→ ct_connect(): directory service layer: internal directory control layer error: Requested
server name not found.
WIN-02\ \username is the correct servername, or?
Thanks for your help.