Hi all,

I’m a little confused… I managed to download a file with a connection string in it, and the creds for the SQL Server. It seems to be the same creds other people have identified for this machine.

However, when either using them from within msfconsole (via windows/mssql/mssql_payload), or creating a Python script to connect and return a list of the tables… the authentication keeps failing.

Is there something obvious I'm missing here?

I think most people are using impacket if that helps?

Hi, kinda new to this but wanted to share (CONTAINS SPOILERS):
First time I tried on my own, after getting the prod.dtsConfig file (smb), I was using mssql-cli. You know on the account that this machine runs MS SQL… but I simply could not get that to accept the credentials. I also tried DBeaver. And that too failed to connect. Only (by impacket) worked, and I got that after reading the top of a walkthrough after being stuck.
I wonder why only impacket works and mssql-cli does not…

All I’m saying, MS SQL supports multiple auth types.
Many clients seem to default to SQL Auth. You can make your own deductions from that.

The host can be owned using only MS Windows GUI software. MS SSMS one would need to dl.
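
The point above about MS SQL supporting multiple auth types, as an added example that is not part of any post in this thread: a small Python check for reviewing connection strings found in config files such as a .dtsConfig, reporting which authentication mode each implies and whether a plaintext password is stored. The sample strings, host names and account names are constructed, and the parser assumes simple `Key=Value;` pairs without quoted semicolons.

```python
"""Added example: which MS SQL auth mode does a connection string imply?"""

INTEGRATED_KEYS = ("integrated security", "trusted_connection")
USER_KEYS = ("user id", "uid", "user")
PASSWORD_KEYS = ("password", "pwd")
TRUTHY = {"true", "yes", "sspi"}

# Constructed sample strings (hypothetical hosts, accounts and passwords).
SAMPLES = {
    "domain_user": "Data Source=db01;User ID=CORP\\svc_etl;Password=example-only;Initial Catalog=Sales",
    "integrated": "Server=db01;Database=Sales;Trusted_Connection=yes",
    "sql_login": "Server=db01;User ID=report_reader;Pwd=example-only",
}


def parse_connection_string(conn_str):
    """Split 'Key=Value;Key=Value' into a dict with lower-cased keys.
    Simplification: values containing a quoted ';' are not handled."""
    fields = {}
    for part in conn_str.split(";"):
        key, sep, value = part.partition("=")
        if sep:
            fields[key.strip().lower()] = value.strip().strip("'\"")
    return fields


def classify_auth(conn_str):
    """Return (mode, findings) for one connection string."""
    fields = parse_connection_string(conn_str)
    user = next((fields[k] for k in USER_KEYS if k in fields), None)
    findings = []
    if any(fields.get(k, "").lower() in TRUTHY for k in INTEGRATED_KEYS):
        mode = "windows-integrated"   # caller's own Windows identity is used
    elif user and "\\" in user:
        # SQL Server logins cannot contain a backslash, so this is a Windows
        # account; a client left on SQL authentication will reject it.
        mode = "windows-account"
        findings.append("DOMAIN\\user login: client must use Windows authentication")
    elif user:
        mode = "sql"                  # login checked by SQL Server itself
    else:
        mode = "unknown"
    if any(fields.get(k) for k in PASSWORD_KEYS):
        findings.append("plaintext password stored in configuration")
    return mode, findings


if __name__ == "__main__":
    for name, conn_str in SAMPLES.items():
        print(name, classify_auth(conn_str))
```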