I’m having trouble getting into the flagDB database. I was able to get hash and password for the mssqlsvc user, but I cannot login. I found that the owner of flagDB is WINSRV02\Administrator. I think I need to find a hash for this user as well, but I am not sure how. I did not find anything in the accessible DBs.
Do you have any hint. please? Thanks!

Hi man did you find the way for the flagDB ?

To login with the user “mssqlsvc” you need to specify in the command that you want to use Windows authentication. In the cheatsheet is the command.


Thanks for the help. Not sure how we were meant to know how to do that from what’s provided in the course material? Seems a lot of these tasks are trial and error. Sqsh isn’t even installed on this box so used impackets mssqlclient as a work-around

Im stuck here as well.... I cant do nothing with the flagdb with mssqlsvc account…

im am stuck at the login part with the user mssqlsvc.

  • i got the Hash
  • i cracked the Hash
  • i got the password
  • i tried to login via "sqsh -S -U WIN-02\mssqlsvc -P ‘xxxxx’ -h

→ ct_connect(): directory service layer: internal directory control layer error: Requested
server name not found.

WIN-02\ \username is the correct servername, or?

Thanks for your help.