Starting Point foothold mssqlclient.py

niefusdotexe · February 26, 2021, 12:43pm

Type your comment> @tonyntas said:

The command is working as expected but the issue is that the \ needs to be escaped and become /\… meaning the working command is
python3 mssqlclient.py ARCHETYPE/\sql_svc:M3g4c0rp123@10.10.10.27 -windows-auth
# notice the escaping of the \

huh? ‘/’ is not an escape character. Backslashes (‘') are used to escape characters. You could just use a forward-slash (’/‘). A properly escaped backslash (’\‘) won’t work with this script because that’s not valid syntax. The ‘/\s…’ only works because the ‘\s’ translates to s, but had the username began with an ‘n’, that would be interpreted as a newline character (’\n’).

If you run the mssqlclient.py script with just a -h flag, the help message implies that it only accepts ‘/’ as a separator between domain and username.

positional arguments:
  target                [[domain/]username[:password]@]<targetName or address>

Cybermoritz · March 9, 2021, 6:42pm

Type your comment> @Legilmalas said:

Hello everyone,
I’m new at HTB and i have a problem with mssqlclient.py
When i’m running the command :
“sudo python3 mssqlclient.py ARCHETYPE\sql_svc@10.10.10.27 -windows-auth”

the command return this :

Impacket v0.9.20 - Copyright 2019 SecureAuth Corporation

Password:
[*] Encryption required, switching to TLS
[-] Missing required parameter ‘digestmod’.

i’ve tried to use the mssqlclient with python 3.7 and 2.7 but no one works

This is so sad i’m stuck in the tutorial

Thank you in advance for your answer.

try omit the domain ARCHETYPE, because it is trusted and no need to be explicit:

└─$ python3 ./impacket-master/examples/mssqlclient.py sql_svc@10.10.10.27 -windows-auth
Impacket v0.9.23.dev1 - Copyright 2020 SecureAuth Corporation

Password:
[] Encryption required, switching to TLS
[] ENVCHANGE(DATABASE): Old Value: master, New Value: master
[] ENVCHANGE(LANGUAGE): Old Value: , New Value: us_english
[] ENVCHANGE(PACKETSIZE): Old Value: 4096, New Value: 16192
[] INFO(ARCHETYPE): Line 1: Changed database context to ‘master’.
[] INFO(ARCHETYPE): Line 1: Changed language setting to us_english.
[*] ACK: Result: 1 - Microsoft SQL Server (140 3232)
[!] Press help for extra shell commands

Peechz68 · April 30, 2021, 1:15pm

I’m guessing maybe Apache2 and postgresql were running? when I shut those down, I was able to connect. Now I’m messing with impacket.

Uniformal · May 2, 2021, 4:38am

Try running it again after this brief command.
pip install impacket --upgrade --user
OR
pip3 install impacket --upgrade --user

judra · July 13, 2021, 9:45am

On my side what I did was:

a clone of the Impacket’s git hub;
copied the utils.py file from ./impacket/examples/ to ./examples (yes, there are two examples folder)
changed the mssqlclient.py (inside of the ./examples) where it says “from impacket.examples.utils import parse_target” to “from utils import parse_target”
ran the command
python3 mssqlclient.py ARCHETYPE/sql_svc:M3g4c0rp123@10.10.10.27 -windows-auth
Impacket v0.9.22 - Copyright 2020 SecureAuth Corporation

kamikami · August 7, 2021, 8:46pm

@5H4D0W13 @squirrelcop I’m facing the same issue as you two. Did you manage to figure out how to make it work?

SSHad0w · December 18, 2021, 1:46am

What worked for me is impacket-mssqlclient ARCHETYPE/sql_svc:'$password'@archetype.htb -windows-auth I’m using a fully updated box with impacket installed by default. It’s currently December 2021.

Stoertehacker · January 20, 2022, 1:09am

For all with the errorcode: connection timeout
delete all openvpn files → kill the openvpn connection → reconnect to the startingpoint → refresh the website and Maschine IP → run the “python3 mssqlclient.py ARCHETYPE/sql_svc@10.129.148.121 -windows-auth” code again

sky · March 25, 2022, 2:18am

I tried it successfully.python mssqlclient.py ARCHETYPE/\sql_svc@10.129.157.20x -windows-auth
But,I don’t know the reason about it.

SANYAP308 · June 17, 2022, 9:56am

reset your machine , in my case issue is solved

Traceback (most recent call last):
File “/root/.local/share/Trash/files/impacket/examples/mssqlclient.py”, line 169, in
ms_sql.connect()
File “/usr/local/lib/python3.9/dist-packages/impacket/tds.py”, line 535, in connect
sock.connect(sa)
OSError: [Errno 113] No route to host

beech · July 4, 2022, 6:50pm

Try removing the "ARCHETYPE" from the command. So it will become something like this

python3 mssqlclient.py sql_svc@10.10.10.27 -windows-auth

Make sure you have impacket installed (if not, run python3 setup.py install ), if you are in the right directory and don’t forget to change the IP address
It worked for me

iamroot · August 24, 2022, 12:16am

thanks bro it’s working

jtravisp · January 27, 2023, 9:15pm

I’ve gone through all of the replies here and can’t get it to work. I can ping and nmap the server. I used impacket on a previous exercise and it’s installed. Any advice?

roxst4r · May 30, 2023, 3:49pm

To all those, still facing the issue - This video should fix your errors

Install pimpmykali and run it as shown in the video!

gsbuosi · June 20, 2023, 6:05pm

Try to connect from the pwnbox

axamalmil · October 13, 2023, 9:17am

Hey,
I found a fix for this problem on github.
https://github.com/fortra/impacket/issues/613

Not very sure why its like that but try this:

python -m mssqlclient -p 1433 sql_svc@<Ip-addr> -windows-auth

Now it should work…at least for me it did.

Oh and for some you might have to add the file extension of mssqclient:
python -m mssqlclient.py -p 1433 sql_svc@<Ip-addr> -windows-auth

arleo · January 5, 2024, 10:04am

Thanks, this worked for me I couldn’t get past the connection as It would just exit my session after saying that it is trying TLS but after removing ARCHETYPE it works.

BushidoRaccoon · March 21, 2024, 3:15am

As of 3/20/2024, using the Pwnbox:

mssqlclient.py ARCHETYPE/sql_svc@arch -windows-auth

Then, put in the password you enumerated from the backup folder.