Official Escape Discussion

Whenever I try to connect to my SMB in mssqlclient via xp_dirtree, no connection is made to my server, and when a single quote is used it shows Incorrect syntax near '\'. Can anyone help me?

I had the same problem. Looks like I had a service running which would resync the time, so when I used ntpdate it would immediately reset. This can be fixed on your attacker machine (Kali for me):

  1. Disable timesync service with: systemctl stop systemd-timesyncd.service
  2. Sync your ntp on attacker box with: sudo ntpdate
  3. Then re-run your attack and it should work

just download the Certify.exe

Need help. I am doing the Escape lab. I am about to complete the admin privilege escalation. I am stuck on sudo impacket-psexec 'Ad@10.10.11.202' -hashes xxxxxx. I keep getting the error:
    [*] SMBv3.0 dialect used
    [-] Unknown DCE RPC fault status code: 00000721
    [-] SMB SessionError: STATUS_ACCESS_DENIED({Access Denied} A process has requested access to an object but has not been granted those access rights.)

My DM is open.

Please, how do I solve this?

I tried LDAP enumeration for a long time and got stuck in so many rabbit holes; in the end, enumerating with simple default accounts came to the rescue.

Yep, sticking to the basics was the solution to the initial foothold.

I managed to log in with the first user and have a shell, but I don't have any idea if I have to exploit the vulnerability related to SeMachineAccountPrivilege. Commands like New-MachineAccount don't work and I think it's not the right way.

What do I do? How do I fix this? It doesn't sync with the server: [-] Got error while trying to request TGT: Kerberos SessionError: KRB_AP_ERR_SKEW(Clock skew too great)

Thank you!

Any hint where to start with it would be great. Thanks!

Anyone else getting this error when using those Creds from PDF?
ERROR(DC\SQLMOCK): Line 1: Login failed for user 'sequel\Guest'.

NM, solved the issue :sweat_smile: I was using the wrong backslash.

Hello All

I got an SSL error with Impacket.
I tried to check and modify my Openssl.cnf,
but nothing :confused:

[*] Encryption required, switching to TLS
[-] [('SSL routines', '', 'legacy sigalg disallowed or unsupported')]

It seems to be an SSL error
=> 'Secure Renegotiation IS NOT supported' error
Is it only me?

It happened to me as well, so I git cloned Impacket, installed the requirements and ran the tool from that directory. It worked.
Or you can just use SQSH as well.


OK, thanks.
I git cloned Impacket too (a few weeks ago).
I tried with this script… same error…

I ran pip install -r requirements.txt, I ran the setup.py script from the git clone
and it works!!
:wink:


More simply, I was able to just use date -s to manually set my box’s time to the DC’s time.

Neat box, learned a lot! :smiley:

Hi all. I managed to get onto the box fairly quickly using the service account, but having considerable difficulty getting from there to the low privileged user. From reading some of the posts here it sounds like it must be pretty straightforward but I’m clearly missing something - any hints would be gratefully received! (please feel free to DM or reply)


Hello, I am going in circles on the server. I am in with the SQL Server account but can't get SYSTEM… please… help… :slight_smile: Tried all I know about print hacks but no way to elevate or impersonate; tried to enumerate certificates as seen here but no rights over these… so it's my first box.

There is another way to the next user. You need to pillage. Rifle around until you find what you are looking for.

Hello, thanks. I already tried LaZagne, mimikatz, services and tasks… but it seems that I am missing something :frowning:

Can someone help me with this?

┌──(kali㉿kali)-[~/Desktop/escape]
└─$ date;sudo ntpdate 10.10.11.202;date;sleep 10;date
Sun Apr 30 11:15:29 AM IST 2023
2023-04-30 19:15:32.748892 (+0530) +28803.017674 +/- 0.199339 10.10.11.202 s1 no-leap
CLOCK: time stepped by 28803.017674
Sun Apr 30 07:15:32 PM IST 2023
Sun Apr 30 11:15:40 AM IST 2023

Whenever I try to update the clock, it automatically goes back to local time.
Tried disabling systemd-timesyncd.service and setting the time manually with date -s, but still no use.