Starting point trouble password

Lumo · April 18, 2020, 5:19pm

hi there
I running the mssqlclient.py but when i type the password (revealed in the file dt.config) it doesn’t work.
I tried to change the user in ARCHETYPE/Guest as suggested but still doesn’t working.
how did you get overcome ?
Thanks to all.

Lumo · April 21, 2020, 11:10am

Solved
i type the command in this way
python3 mssqlclient.py -p 1433 sql_svc@10.10.10.27 -windows-auth

insert the password revealed in dts.config file and that’s it.

ParadoxTime · April 22, 2020, 4:15pm

thanks #Lumo it work

zatoichi79 · April 25, 2020, 4:06am

I have an issue with the password after completing all the steps. I use the password in the shellps1 file but I continue getting this message at the end. I have also try the MEGACORP_4dm1n!! that apears after this step:

type C:\Users\sql_svc\AppData\Roaming\Microsoft\Windows\PowerShell\PSReadline\ConsoleHost_history.txt
net.exe use T: \Archetype\backups /user:administrator MEGACORP_4dm1n!!

in any case this is what I get instead of getting the real password:

Password:
[-] Authenticated as Guest. Aborting
[-] Error performing the uninstallation, cleaning up
root@kali:/home/zatoichi# psexec.py adminstrator@10.10.10.27
Impacket v0.9.22.dev1+20200424.150528.c44901d1 - Copyright 2020 SecureAuth Corporation

Password:
[-] Authenticated as Guest. Aborting

DemiScuzz · April 25, 2020, 9:42am

So, It looks like one of the commands didnt work for you.
C:\Users\sql_svc\AppData\Roaming\Microsoft\Windows\PowerShell\PSReadline\ConsoleHost_history.txt
should have shown you a file in with credentials in, didnt work for me either so I changed directories to type C:\Users\sql_svc\AppData\Roaming\Microsoft\Windows\PowerShell\PSReadline\ then
opened the file.

The passoword in the shell file is not the right one for the psexec.py command

The psexec.py administrator@10.10.10.27 should be run in a different terminal.

b14s · April 27, 2020, 2:21am

hi guys, i’m stuck in sending shell part. i started python webserver in one terminal, listening nc on another, and did sql on another terminal. But after sending xd_cmdshell with script i get GET 200 on python webserver and that’s it. What should i do?

segevush · April 28, 2020, 1:52am

Type your comment> @paarthurnax said:

hi guys, i’m stuck in sending shell part. i started python webserver in one terminal, listening nc on another, and did sql on another terminal. But after sending xd_cmdshell with script i get GET 200 on python webserver and that’s it. What should i do?

Did you find a solution to that?

Ajfar · April 28, 2020, 12:59pm

Type your comment> @paarthurnax said:

hi guys, i’m stuck in sending shell part. i started python webserver in one terminal, listening nc on another, and did sql on another terminal. But after sending xd_cmdshell with script i get GET 200 on python webserver and that’s it. What should i do?

I’m having the same issue as well… can anyone pls tell me what’s going wrong. TIA

SOLVED: All I did is just hit enter a couple times in the nc tab