Hi everyone!
I’m pretty sure some of you have encountered this annoying problem using impacket’s mssqlclient.py script to (try and) connect to the ms-sql-s service on the Archetype machine, whilst getting this nice message at the end saying:
python3 mssqlclient.py ARCHETYPE/sql_svc@10.10.10.10 -windows-auth
Impacket v0.9.25.dev1+20220119.101925.12de27dc - Copyright 2021 SecureAuth Corporation
Password:
[*] Encryption required, switching to TLS
[-] [('SSL routines', 'state_machine', 'internal error')]
Hunting around for answers, I came across a couple of threads over at the impacket project page on GitHub which I’ll leave here, in case it solved the problem for you.
(Judging from the commands they’ve posted, they too are HTB friends, stuck on ARCHETYPE )
(Closed) Issue 866 - OpenSSL.SSL.Error: [(‘SSL routines’, ‘state_machine’, ‘internal error’)]
https://github.com/SecureAuthCorp/impacket/issues/866
(Open) Issue 856 - mssqlclient : ‘SSL routines’, ‘state_machine’, ‘internal error’
https://github.com/SecureAuthCorp/impacket/issues/856
Now although this has worked for some, unfortunately for me (and quite a few others) the problem remains.
The proposed solution, in case it helps anyone, is to modify lines 663 and 911 in impacket/impacket/tds.py file by doing the following:
Replace:
ctx = SSL.Context(SSL.TLSv1_METHOD)
For:
ctx = SSL.Context(SSL.TLSv1_2_METHOD)
Which, to keep it short and sweet, is basically bumping up TLSv1 (their default) to TLSv1.2 (which should be the working one).
Anyway, hopefully this will help a few out, although I’m actually hoping to see if someone has some feedback, pointers, or even a fix which would help me out a lot!
Goes to say that I installed the latest version of impacket today, following the instructions on GitHub. I’m running various versions of python (2.7, 3, 3.8 and 3.9) with failed results on the latest Linux Mint distro (I agree, maybe I should be on ParrotOS or even Kali for this).
Anyway, thanks and regards!