hi there
I running the mssqlclient.py but when i type the password (revealed in the file dt.config) it doesn’t work.
I tried to change the user in ARCHETYPE/Guest as suggested but still doesn’t working.
how did you get overcome ?
Thanks to all.
Solved
i type the command in this way
python3 mssqlclient.py -p 1433 sql_svc@10.10.10.27 -windows-auth
insert the password revealed in dts.config file and that’s it.
thanks #Lumo it work
I have an issue with the password after completing all the steps. I use the password in the shellps1 file but I continue getting this message at the end. I have also try the MEGACORP_4dm1n!! that apears after this step:
type C:\Users\sql_svc\AppData\Roaming\Microsoft\Windows\PowerShell\PSReadline\ConsoleHost_history.txt
net.exe use T: \Archetype\backups /user:administrator MEGACORP_4dm1n!!
in any case this is what I get instead of getting the real password:
Password:
[-] Authenticated as Guest. Aborting
[-] Error performing the uninstallation, cleaning up
root@kali:/home/zatoichi# psexec.py adminstrator@10.10.10.27
Impacket v0.9.22.dev1+20200424.150528.c44901d1 - Copyright 2020 SecureAuth Corporation
Password:
[-] Authenticated as Guest. Aborting
So, It looks like one of the commands didnt work for you.
C:\Users\sql_svc\AppData\Roaming\Microsoft\Windows\PowerShell\PSReadline\ConsoleHost_history.txt
should have shown you a file in with credentials in, didnt work for me either so I changed directories to type C:\Users\sql_svc\AppData\Roaming\Microsoft\Windows\PowerShell\PSReadline\ then
opened the file.
The passoword in the shell file is not the right one for the psexec.py command
The psexec.py administrator@10.10.10.27 should be run in a different terminal.
hi guys, i’m stuck in sending shell part. i started python webserver in one terminal, listening nc on another, and did sql on another terminal. But after sending xd_cmdshell with script i get GET 200 on python webserver and that’s it. What should i do?
Type your comment> @paarthurnax said:
hi guys, i’m stuck in sending shell part. i started python webserver in one terminal, listening nc on another, and did sql on another terminal. But after sending xd_cmdshell with script i get GET 200 on python webserver and that’s it. What should i do?
Did you find a solution to that?
Type your comment> @paarthurnax said:
hi guys, i’m stuck in sending shell part. i started python webserver in one terminal, listening nc on another, and did sql on another terminal. But after sending xd_cmdshell with script i get GET 200 on python webserver and that’s it. What should i do?
I’m having the same issue as well… can anyone pls tell me what’s going wrong. TIA
SOLVED: All I did is just hit enter a couple times in the nc tab