I have completed many modules but sometimes you are really stuck. Most of the times I figure it out on my own or are helped with a little hint in this forum but on this one I’m really stuck. I tried it with sqlcmd on my own pc and a VPN but I really am lost in how to get to the linked server via the mssqlsvc account. Any help would indeed be appriciated…
The flag is very simple. You are definitely on the right track. Perhaps you have misconfigurations or using the wrong parameters?
Make sure you are using inlanefreight.htb and not inlanefreight.com.
Make sure the resolvers.txt is using the target IP address.
Finally, make sure your dig command has the right parameters: dig [axfr|any|ns|mx|…] targetdomain @targetip
Heyo. I found the hash. Tried to crack it using hashcat; I tried the provided password list, as well as like 15+ different other playlist but I can’t crack it. Can anyone give a tip on which password list should be used?
Was about to post the same. Something isn’t quite right here .
I got the password for user mssqlsvc by acquiring the hash using responder and cracking it using hashcat.
Would have thought that with said password and username I’d be able to log in and enumerate the flagDB database to get the flag.
But neither mssqlclient.py, nor sqsh or sqlcmd (I installed the latter just to try this out) seem to accept the username & password as a valid pair. All 3 work with the htbdbuser credentials provided in the instructions.
here are a bunch of random sentences that i think might point you in the right direction.
hint: i had a response to every sentence he through at me .i love hash browns i make sure theres nothing left over when ever i order them. my favorite wrestler is dawyne johnson. before making sales quality clients are brought to a window to check their authorization.