ATTACKING COMMON SERVICES - SQL databases

Hi,
I’m having trouble getting into the flagDB database. I was able to get hash and password for the mssqlsvc user, but I cannot login. I found that the owner of flagDB is WINSRV02\Administrator. I think I need to find a hash for this user as well, but I am not sure how. I did not find anything in the accessible DBs.
Do you have any hint. please? Thanks!

Hi man did you find the way for the flagDB ?

To login with the user “mssqlsvc” you need to specify in the command that you want to use Windows authentication. In the cheatsheet is the command.

2 Likes

Thanks for the help. Not sure how we were meant to know how to do that from what’s provided in the course material? Seems a lot of these tasks are trial and error. Sqsh isn’t even installed on this box so used impackets mssqlclient as a work-around

Im stuck here as well.... I cant do nothing with the flagdb with mssqlsvc account…

Hi,
im am stuck at the login part with the user mssqlsvc.

  • i got the Hash
  • i cracked the Hash
  • i got the password
  • i tried to login via "sqsh -S 10.129.61.148 -U WIN-02\mssqlsvc -P ‘xxxxx’ -h

→ ct_connect(): directory service layer: internal directory control layer error: Requested
server name not found.

WIN-02\ \username is the correct servername, or?

Thanks for your help.