Footprinting medium machine

hey i am stuck on this task can you help me?

use ´xxx ´

I have got the credentials for sa user. But when I try to connect to the SQL server, it gives “Login failed for user ‘sa’. Microsoft SQL Server, Error: 18456”. Any hints on how to approach further?

From what I noticed doing research on that box the sa account is deactivated!

Oh my that lab was very challenging to be a medium. I’m afraid to know what the hard will be like. A tremendous amount of strategies come into play in this lab, and kind of confusing not used to working with databases. Wow Nice though I need to practice these types more often!

i think you should run the MSSQL as Administrator and use the password you found then login in MSSQL with selected login method

use the command more important.txt

use another one like administrator and try with the sa’s password you found.

i went with just a grep -r "password" ./mnt like a barbarian lol

i had big problems with permissions accessing the mounted share. the share would be mounted as nobody and couldn’t cd into it. the first way i solved this was to become root (on macOS root isn’t enabled by default so had to enable first). with some more playing around after that i saw that i could do a sudo ls or sudo grep... to get the data from within the share without going into it (as sudo cd can’t be done and even sudo /usr/bin/cd wouldn’t work). not sure i fully understand the nfs permission system.

Thanks so much.

Did anyone else end up using the GUI on SQL Server Management? Even after playing with the firewall it didn’t let me connect remotely to MSSQL. I always got connection refused with alex creds or admin creds.

I had to set the root user to be allowed access for xfreerdp with the command xhost +local:root
& I had to install the package using sudo apt install xorg to be able to connect to the GUI machine via rdp

I’ve completed this lab but I had a lot of troubles for the connection part. I tried using Remmina but it didn’t work at all; I made sure everything was correct several times. I then used xfreerdp which doesn’t work until that one time and I then proceeded to complete the lab. Later on I tried to xfreerdp again to test out, it then failed. Just wanted to ask is this supposed to happen or is it just my issue?

Errors:
Remmina: cannot connect to “IP” RDP server; my remmina version: 1.4.35
xfreerdp:
xfreerdp /u: /p:‘’ /v:
[17:14:22:134] [87684:87685] [WARN][com.freerdp.crypto] - Certificate verification failure ‘self-signed certificate (18)’ at stack position 0
[17:14:22:134] [87684:87685] [WARN][com.freerdp.crypto] - CN = WINMEDIUM
[17:14:31:149] [87684:87685] [ERROR][com.freerdp.core.connection] - Timeout waiting for activation
[17:14:31:151] [87684:87684] [ERROR][com.freerdp.core] - freerdp_abort_connect:freerdp_set_last_error_ex ERRCONNECT_CONNECT_CANCELLED [0x0002000B]

Completed, here is the hint

  1. mount NFS and find the only non 0 bytes logs
  2. use that credential to RDP
  3. Find important.txt (it is somewhere in the Windows Drive)
  4. However, this credential won’t work with MSSQL sa account → run MSSQL as admin using the same pass will do the job (people tend to repeatedly use the password)

did you get in?

I’m very late to the party, but for anyone else searching:

Using my own Kali machine, I had to perform a ‘sudo su’ in order to access the share. Ran the same commands outlined in the module and got the same permission denied error with “nobody” owning the directory, but after that point, all you have to do is switch to the root user on your local machine and you should be able to view the contents.

Hi, have been working on the machine without any hints but I’ve been stuck for a while so I need some help.

I’ve gotten the credentials of “alex” and “sa”. I assume what you do is connect via RDP and then login into MSSQL using the “sa” credentials but with “administrator” as the username. Though, I always get the error “The certificate chain was issued by an authority that is not trusted”. (Btw I’ve run the application as admin)

Any help is greatly appreciated!