Starting Point mssqlserver

Hello!
When I do this, I obtain [-] [('SSL routines', 'state_machine', 'internal error')].
I found this issue on GitHub (mssqlclient : 'SSL routines', 'state_machine', 'internal error' · Issue #856 · fortra/impacket · GitHub), but the discussion didn't say how to fix it (except that I should downgrade Python 3.8 to 3.7, but then problems with pip occur).
What can I do?

I wrote about this problem to pyOpenSSL:

@Gaccount22 said:

when running the command python3 mssqlclient.py ARCHETYPE/sql_svc@10.10.10.27 -windows-auth

I get

Impacket v0.9.20 - Copyright 2019 SecureAuth Corporation

Password: entered the pw

then

[*] Encryption required, switching to TLS
[-] Missing required parameter ‘digestmod’.

I don’t see the rest of the info

I am also getting this error, I am not able to resolve this.

I only recently joined and have been focusing on working through the Starting Point lab myself. Something I’ve noticed as a common thread in the walkthroughs is that they seem very rushed and make a lot of assumptions, often skipping steps or, conversely, sending you down rabbitholes that you don’t need to go down. I think it’s assumed that you’ll search around to find whatever you’re missing, or that you’re able to troubleshoot linux package issues independently when something doesn’t work, or that you know enough to know when they’re misleading you or making you work too hard. That’s… definitely not the case for everyone doing Starting Point, which is supposed to be (imo) an introduction to cyber security to help you get your feet wet.

Personally, I can mostly muddle through, but it’s also frustrating to have to fight against your tools instead of being able to learn, so in the interest of accessibility, I have some general tips for Starting Point. Just gonna post this here but #4 in particular will be of interest to you I think.

  1. This isn’t really made explicit, but the machines are intended to be done in order from top to bottom. First archetype, then oopsie, vaccine, shield, and finally pathfinder. If you try to do what I did at first and target all the Windows machines first, you’re in for a bad time and will need to brute force stuff and do other more advanced techniques and you’ll probably get nowhere if you’re like me (inexperienced).
  2. Keep good notes as you go, and save the outputs of your scans etc. This is just good practice for pentesting in general. Make a folder for each new machine and throw everything in there. I use CherryTree because it lets me do a tree structure and easily copy in screenshots I take as I go. Helps you stay organized and remember things you find, like credentials for instance. For SP in particular, it seems they want you to do a chain of hacks where you get credentials for the next machine from the previous one.
  3. There is a set of credentials you’ll find on a particular machine that have an IP paired with them that is incorrect. Ignore it. The creds you find there are intended to be used on the next machine down, though the IP doesn’t match. I think they just never updated this.
  4. Make sure that your machine is using python 3, with pip3 installed. Something I keep running into as I try to learn infosec in general is that everything is in python 2. Very frustrating. If you see someone just calling “python” rather than “python3” in a video for instance, that’s python 2, the code isn’t going to work anymore. Anyway, on the kali repos, pip3 is “python3-pip”. Once you have pip3, use that to install any modules you see missing when you run python scripts. This is probably the solution to your problem. Try using pip3 to install whatever “digestmod” is (syntax: sudo pip3 install digestmod) and take a look at the output. In general, this is a good path to try to get something working on linux. You’ll often have missing dependencies or, especially in a pentesting context, missing modules or libraries from whatever code you’re trying to run, and you gotta just go track that stuff down one by one. In the case of Python, pip3 is your friend here, as that’s what makes sure Python can actually access and use code library modules properly (I think). Don’t just go cloning githubs and trying to compile them willy nilly, you’ll probably break stuff lol.
  5. Be on the lookout for unnecessary instructions. This one is going to be tougher for a raw beginner to spot. But for instance, on ARCHETYPE, after setting up your nc listener, the walkthrough tells you to “use ufw” to make a new rule in your firewall to allow the connect-back (though it doesn’t tell you that’s what you’re doing with that line). You absolutely do not need to do this. Also you probably don’t even have ufw installed; it’s the Ubuntu firewall tool lol. The SP walkthroughs have more stuff like this in them, so if you’re following along and you see ■■■■ that doesn’t make sense, stop and take a closer look. Google / duckduckgo what they’re talking about, see if you can understand the theory. Find the packages they reference. A lot of times they’ll point you to using some specific tool when you don’t need to, for instance gobuster. You can easily use ANY spidering tool there, like dirb, dirbuster, or even spidering with zap or burpsuite. Don’t fixate on the particular tool you’re pointed to so much as the end goal you’re aiming at. Especially since you can tell from a lot of the screenshots of code that whoever wrote the walkthroughs was on a Mac. So the commands they run are going to be different. Like them just being able to type “mssqlclient.py” instead of having to invoke python3 first, for instance. If you know of a tool already that will help you do what they’re trying to get you to do, don’t get lost down the hole of trying to install and get a new package working. Instead, use what you already have that you know is installed and configured properly already. Installing stuff on linux is non-trivial, haha. It can easily consume your day and frustrate the ■■■■ out of you if it’s something obscure or you run into problems with dependencies. It’s for this reason that I just use out-of-the-box Kali for HTB.
  6. Finally, something I’ve found incredibly helpful is to do each SP machine multiple times. Your first time through, you’ll have to muddle around and the solutions will seem contrived or even random to you. “How did they know to check THERE?” you’ll ask yourself (the answer being basically, you just figure out where to look for stuff based on experience, I think). But what you’ll want to do is let the machine rest for a day or two so you mostly forget stuff about it, then go back in from scratch and try it blind again. Keep an eye out for contextual clues and try to arrive at the reasoning required to get to the next step. For instance, if you’re internal on the host and you know you got in via web exploitation on HTTP, think “okay, where are the website’s files here locally?” Maybe there’s something juicy there. If you get in on a particular user, find out their privileges, see what they have access to and go poke it. This is another thing where keeping notes will help you, as will trying to make little write-ups for yourself after that summarize what you did and in what order and what you found using which vulnerabilities etc. Just be mindful of spoiler policies on the site, keep these for yourself.

So yeah. Good luck! By the time you get through SP, you’ll have a lot more confidence and knowledge, but it may take a couple weeks if you’re starting from only a general linux background like I am.

I am stuck at this point

python3 mssqlclient.py ARCHETYPE\sql_svc@10.10.10.27 -windows-auth
Impacket v0.9.22.dev1 - Copyright 2020 SecureAuth Corporation

Password:
[*] Encryption required, switching to TLS
[-] ERROR(ARCHETYPE): Line 1: Login failed for user ‘ARCHETYPE\Guest’.

@q8cloud said:

I am stuck at this point

python3 mssqlclient.py ARCHETYPE\sql_svc@10.10.10.27 -windows-auth
Impacket v0.9.22.dev1 - Copyright 2020 SecureAuth Corporation

Password:
[*] Encryption required, switching to TLS
[-] ERROR(ARCHETYPE): Line 1: Login failed for user ‘ARCHETYPE\Guest’.

Solved using the following:
python3 mssqlclient.py ARCHETYPE/sql_svc:M3g4c0rp123@10.10.10.27 -windows-auth -debug

@tasidonya said:

If you clone the git repo, the mssqlclient.py is in impacket/examples/, so you may need to tweak the command to reflect the correct path, e.g. instead of mssqlclient.py you write impacket/examples/mssqlclient.py. A helpful linux command could be

 locate mssqlclient.py

and copying the full path from there.

Also, you may need to run it with python3, i.e.

python3 mssqlclient.py ARCHETYPE/sql_svc@10.10.10.27 -windows-auth

Which has worked for me

@tasidonya
I tried using Python3 & this is the result. Maybe the alternatives didn't work for me, I switched from 2.7 to 3.7. Please help!
Traceback (most recent call last):
  File "mssqlclient.py", line 25, in <module>
    from impacket import version, tds
  File "/usr/lib/python3/dist-packages/impacket/tds.py", line 35, in <module>
    from OpenSSL import SSL
  File "/usr/lib/python3/dist-packages/OpenSSL/__init__.py", line 8, in <module>
    from OpenSSL import crypto, SSL
  File "/usr/lib/python3/dist-packages/OpenSSL/crypto.py", line 12, in <module>
    from cryptography import x509
  File "/usr/lib/python3/dist-packages/cryptography/x509/__init__.py", line 8, in <module>
    from cryptography.x509.base import (
  File "/usr/lib/python3/dist-packages/cryptography/x509/base.py", line 18, in <module>
    from cryptography.x509.extensions import Extension, ExtensionType
  File "/usr/lib/python3/dist-packages/cryptography/x509/extensions.py", line 20, in <module>
    from cryptography.hazmat.primitives import constant_time, serialization
  File "/usr/lib/python3/dist-packages/cryptography/hazmat/primitives/constant_time.py", line 11, in <module>
    from cryptography.hazmat.bindings._constant_time import lib
ModuleNotFoundError: No module named '_cffi_backend'

@deepakmunda26 said:

@tasidonya
I tried using Python3 & this is the result. Maybe the alternatives didn't work for me, I switched from 2.7 to 3.7. Please help!
Traceback (most recent call last):
  File "mssqlclient.py", line 25, in <module>
    from impacket import version, tds
  File "/usr/lib/python3/dist-packages/impacket/tds.py", line 35, in <module>
    from OpenSSL import SSL
  File "/usr/lib/python3/dist-packages/OpenSSL/__init__.py", line 8, in <module>
    from OpenSSL import crypto, SSL
  File "/usr/lib/python3/dist-packages/OpenSSL/crypto.py", line 12, in <module>
    from cryptography import x509
  File "/usr/lib/python3/dist-packages/cryptography/x509/__init__.py", line 8, in <module>
    from cryptography.x509.base import (
  File "/usr/lib/python3/dist-packages/cryptography/x509/base.py", line 18, in <module>
    from cryptography.x509.extensions import Extension, ExtensionType
  File "/usr/lib/python3/dist-packages/cryptography/x509/extensions.py", line 20, in <module>
    from cryptography.hazmat.primitives import constant_time, serialization
  File "/usr/lib/python3/dist-packages/cryptography/hazmat/primitives/constant_time.py", line 11, in <module>
    from cryptography.hazmat.bindings._constant_time import lib
ModuleNotFoundError: No module named '_cffi_backend'

Try running the following command:

python3 -m pip install cffi

And then run your thing again. Post here how it goes!

Done with the python3 & guess what, I got 2 flags. I can't even imagine that I did this… but really happy with it. One more thing, is it necessary to vote the machine after collecting the flag in order to reset it?


@deepakmunda26 said:
Done with the python3 & guess what, I got 2 flags. I can't even imagine that I did this… but really happy with it.

Well done! :smiley:

@deepakmunda26 said:
One more thing, is it necessary to vote the machine after collecting the flag in order to reset it?

This is the first time I hear about voting reset after you’re done, I thought it’s just for the cases when the machine is behaving oddly. I would be curious to know too if this is etiquette to vote reset after you’re done?

I ran the below command and the said path but am getting an error. Can you please help me with that?
Command-
python3 mssqlclient.py ARCHETYPE/sql_svc@10.10.10.27 -windows-auth

Error-
Traceback (most recent call last):
  File "mssqlclient.py", line 24, in <module>
    from impacket.examples import logger
ModuleNotFoundError: No module named 'impacket'
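
An added example, not part of any post in this thread: a small check, run with the same python3 that launches mssqlclient.py, that reports which modules named in the tracebacks above that interpreter cannot import and prints a pip command bound to it. It also shows that the "Missing required parameter 'digestmod'" message is the TypeError raised by hmac.new() on Python 3.8 and later when no digest is passed; the helper names and the import-to-package mapping are this example's own.

```python
import hmac
import importlib.util
import sys

# Top-level import names taken from the tracebacks quoted in this thread.
REQUIRED = ["impacket", "OpenSSL", "cryptography", "_cffi_backend"]
# Import name -> pip distribution, where the two differ.
PIP_NAME = {"OpenSSL": "pyOpenSSL", "_cffi_backend": "cffi"}


def missing_modules(names=REQUIRED):
    """Return the names the *current* interpreter cannot import."""
    missing = []
    for name in names:
        try:
            found = importlib.util.find_spec(name) is not None
        except (ImportError, ValueError):
            found = False
        if not found:
            missing.append(name)
    return missing


def install_hint(missing):
    """Build a pip command tied to this interpreter, or None if nothing is missing."""
    if not missing:
        return None
    pkgs = " ".join(PIP_NAME.get(m, m) for m in missing)
    return f"{sys.executable} -m pip install {pkgs}"


def digestmod_is_an_argument():
    """Show that 'digestmod' is a parameter of hmac.new(), not a package."""
    try:
        hmac.new(b"key", b"msg")  # Python 3.8+ raises TypeError here
        accepted = True           # Python <= 3.7 silently defaulted to MD5
    except TypeError:
        accepted = False
    # Naming the digest explicitly works on every Python 3 version.
    tag = hmac.new(b"key", b"msg", digestmod="sha256").hexdigest()
    return accepted, tag


if __name__ == "__main__":
    gaps = missing_modules()
    print("interpreter:", sys.executable)
    print("missing:", gaps or "none")
    print("fix:", install_hint(gaps) or "nothing to install")
    print("hmac.new() without digestmod accepted:", digestmod_is_an_argument()[0])
```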

@Tunes90 said:

I had the same issue with it asking for a password. Can I get some help?

What was the password cause I also don’t know it.

Does anyone have the password to
“python3 mssqlclient.py ARCHETYPE/sql_svc@10.10.10.27 -windows-auth”

The password is found in the previous step you did.

Can somebody help me? I have a problem: when I run the command sudo nc -lvnp 443 it types listening on any 443 port

@GHOSTanonymus said:

Can somebody help me? I have a problem: when I run the command sudo nc -lvnp 443 it types listening on any 443 port

That is literally the output you get when it works.

Your netcat listener is working.

I have a question on this step. It is the first time I have had to use an mssql client. At the beginning I installed mssql-cli via pip3, but the credentials didn't work. crackmapexec confirmed they were ok. In the end I switched to the impacket version and it works. But I wonder what was wrong with my first choice. Did I maybe miss a parameter?

thank you

No, don't install mss, just run it with python3.