HTB Starting Point - Impacket : unpack requires a buffer of 1 bytes

edited December 2020 in Machines

Hello guys, I'm new in htb and infosec,
I started with the initial VM ( starting point) and I got an error when trying to connect to mssql, after entering passwd it shows:

"[-] ('unpack requires a buffer of 1 bytes', "When unpacking field 'Type | <B | b''[:1]'")

which I don't understand what it means.

I tried the option of :

mssqlclient.py ARCHETYPE/[email protected] -windows-auth
with password: M3g4c0rp123


Some helpfull info ( I hope):

  1. I installed the package from the blackarch repo with "sudo pacman -S impacket " (0.9.21-1)
    , I also tried with the package from github (0.9.22) and got the same response ...

  2. Other thing that I noticed is when running the Nmap scanning the port of mysql seemed tcpwrapped, so I don't know iof this can be part of the issue.

  3. Also tried running the command with -debug

And found this (but dunno how to interpret it)

File "/home/user/.local/lib/python3.8/site-packages/impacket/structure.py", line 282, in unpack return unpack (format,data)[0]

Thanks for the help :smile: and for your time .

Comments

  • Hey there,

    I'm in your exact same position - just getting into HTB myself. I experienced the exact same issue you did and attempted the same solutions.
    I delved into "structure.py" and the exception is raised because structure.py is passed an empty byte (b'') from tds.py. I tried patching line 83 in structure.py to:

    if data is not None and len(data) > 0
    

    just in case it was an oversight (unlikely) but it didn't help - it resulted in a different error:

    $ python3 ./mssqlclient.py ARCHETYPE/[email protected] -windows-auth -debug 
    Impacket v0.9.22 - Copyright 2020 SecureAuth Corporation
    
    [+] Impacket Library Installation Path: /usr/lib/python3/dist-packages/impacket
    Password:  [M3g4c0rp123]                                                                                                
    [+] Exception:                                            
    Traceback (most recent call last):
      File "./mssqlclient.py", line 179, in <module>          
        res = ms_sql.login(options.db, username, password, domain, options.hashes, options.windows_auth)
      File "/usr/lib/python3/dist-packages/impacket/tds.py", line 905, in login
        resp = self.preLogin()
      File "/usr/lib/python3/dist-packages/impacket/tds.py", line 520, in preLogin 
        tds = self.recvTDS()
      File "/usr/lib/python3/dist-packages/impacket/tds.py", line 607, in recvTDS
        status = packet['Status']     
      File "/usr/lib/python3/dist-packages/impacket/structure.py", line 166, in __getitem__
        return self.fields[key]                                                                                          
    KeyError: 'Status'                                                                                                   
    [-] 'Status' 
    

    My suspicion is that something is up with the MSSQL database if someone higher up could check that claim? This is compounded by 90% of authentication requests resulting in the socket being closed by the remote host and resulting in:

    $ python3 ./mssqlclient.py ARCHETYPE/[email protected] -windows-auth -debug 
    Impacket v0.9.22 - Copyright 2020 SecureAuth Corporation
    
    [+] Impacket Library Installation Path: /usr/lib/python3/dist-packages/impacket
    Password:  [M3g4c0rp123]                                                                                                  
    [+] Exception:                                            
    Traceback (most recent call last):
      File "./mssqlclient.py", line 179, in <module>          
        res = ms_sql.login(options.db, username, password, domain, options.hashes, options.windows_auth)
      File "/usr/lib/python3/dist-packages/impacket/tds.py", line 905, in login
        resp = self.preLogin()
      File "/usr/lib/python3/dist-packages/impacket/tds.py", line 520, in preLogin 
        tds = self.recvTDS()
      File "/usr/lib/python3/dist-packages/impacket/tds.py", line 606, in recvTDS
        packet = TDSPacket(self.socketRecv(packetSize))
      File "/usr/lib/python3/dist-packages/impacket/tds.py", line 586, in socketRecv
        data = self.socket.recv(packetSize)                                                                              
    ConnectionResetError: [Errno 104] Connection reset by peer                 
    [-] [Errno 104] Connection reset by peer
    
  • Hi guys, I'm struggling with this too at the moment. I also tried to use version 0.9.19 of Impacket which is the same as is being used in the tutorial. This I tried in both python 2 and 3 virtual environments, but the error persists.

  • Yup having the same issue I tried everything possible but nothing still get this error.

  • Hello...
    I have the same error,

  • Raised a ticket with the service desk, will update when I hear back :)

  • I am also having the same problem. First time I tried it and got [-] ('unpack requires a buffer of 1 bytes', "When unpacking field 'Type | <B | b''[:1]'") Then I tried command again and now I'm getting [-] [Errno 104] Connection reset by peer

  • just starting...same issue. Heres a trace

    ─$ impacket-mssqlclient -windows-auth "ARCHETYPE/[email protected]" -debug
    Impacket v0.9.23.dev1+20201203.125520.aa0c78ad - Copyright 2020 SecureAuth Corporation

    [+] Impacket Library Installation Path: /usr/local/lib/python3.8/dist-packages/impacket-0.9.23.dev1+20201203.125520.aa0c78ad-py3.8.egg/impacket
    Password:
    [+] Exception:
    Traceback (most recent call last):
    File "/usr/share/doc/python3-impacket/examples/mssqlclient.py", line 179, in
    res = ms_sql.login(options.db, username, password, domain, options.hashes, options.windows_auth)
    File "/usr/local/lib/python3.8/dist-packages/impacket-0.9.23.dev1+20201203.125520.aa0c78ad-py3.8.egg/impacket/tds.py", line 905, in login
    resp = self.preLogin()
    File "/usr/local/lib/python3.8/dist-packages/impacket-0.9.23.dev1+20201203.125520.aa0c78ad-py3.8.egg/impacket/tds.py", line 520, in preLogin
    tds = self.recvTDS()
    File "/usr/local/lib/python3.8/dist-packages/impacket-0.9.23.dev1+20201203.125520.aa0c78ad-py3.8.egg/impacket/tds.py", line 606, in recvTDS
    packet = TDSPacket(self.socketRecv(packetSize))
    File "/usr/local/lib/python3.8/dist-packages/impacket-0.9.23.dev1+20201203.125520.aa0c78ad-py3.8.egg/impacket/structure.py", line 84, in init
    self.fromString(data)
    File "/usr/local/lib/python3.8/dist-packages/impacket-0.9.23.dev1+20201203.125520.aa0c78ad-py3.8.egg/impacket/structure.py", line 149, in fromString
    self[field[0]] = self.unpack(field[1], data[:size], dataClassOrCode = dataClassOrCode, field = field[0])
    File "/usr/local/lib/python3.8/dist-packages/impacket-0.9.23.dev1+20201203.125520.aa0c78ad-py3.8.egg/impacket/structure.py", line 382, in unpack
    return unpack(format, data)[0]
    struct.error: ('unpack requires a buffer of 1 bytes', "When unpacking field 'Type | <B | b''[:1]'")
    [-] ('unpack requires a buffer of 1 bytes', "When unpacking field 'Type | <B | b''[:1]'")

    I am using Kali 2020.2 distro where I have gottent the latest impacket from github

    impacket-mssqlclient -h 130 ⨯
    Impacket v0.9.23.dev1+20201203.125520.aa0c78ad - Copyright 2020 SecureAuth Corporation

    ─$ python3 --version
    Python 3.8.6

    Suggestions ????

  • I have the same error too, i thought it was just me until i looked here. Seems we need to wait for a fix on the starting point machine?

  • I recently got into HTB and I am also stuck and running into this issue.

  • did anyone find a solution as its driving me crazy. im asuming not or someone would have commented

  • I have a ticket open and the service desk is working through it. In the meantime, I recommend the academy

  • THANKS for the reply please post result as ive just finished reinstalling kali removing reinstalling impacket python2 python3 added few versions of impacket all return the same
    "[-] ('unpack requires a buffer of 1 bytes', "When unpacking field 'Type | <B | b''[:1]'")"
    or
    "[-] [Errno 104] Connection reset by peer"

  • Type your comment> @snowdroppe said:

    I have a ticket open and the service desk is working through it. In the meantime, I recommend the academy

    Let us know what they say :)

  • Thank you, I thought I was going mad.

  • same issue here.
    tried to follow some ideas I found in this forum, nothing worked.
    updated all PIP packages, tried Python 3.7 - all the same.

    are we all using the latest Kali VM?
    I thought I'd try an older ubuntu docker just to rule it out...

  • Try modifying your command to include the password like so:
    mssqlclient.py ARCHETYPE/sql_svc:[email protected] -windows-auth

  • edited December 2020

    The problem was definitely server side and has now been resolved by service desk. You may still need to update Impacket if you get digest errors (tested and working with 0.9.22).

  • same issue here

    Tried in both Kali and Parrot os also tried with Python2.7, Python3.8. Not working.

  • tested and working, indeed!

  • edited December 2020

    Fixed.

  • edited December 2020

    I am on impacket version 0.9.22.
    I am still getting this error.

  • iggigg
    edited December 2020

    It is a problem with the server:
    Connect to the server , reboot it then try again. eg:

    # wmiexec.py administrator:MEGACORP_4dm1n\!\[email protected]
    Impacket v0.9.21 - Copyright 2020 SecureAuth Corporation
    
    [*] SMBv3.0 dialect used
    [!] Launching semi-interactive shell - Careful what you execute
    [!] Press help for extra shell commands
    C:\>shutdown /r /t 0 /f
    
    C:\>exit
    # mssqlclient.py ARCHETYPE/sql_svc:[email protected] -windows-auth
    Impacket v0.9.21 - Copyright 2020 SecureAuth Corporation
    
    [*] Encryption required, switching to TLS
    [*] ENVCHANGE(DATABASE): Old Value: master, New Value: master
    [*] ENVCHANGE(LANGUAGE): Old Value: , New Value: us_english
    [*] ENVCHANGE(PACKETSIZE): Old Value: 4096, New Value: 16192
    [*] INFO(ARCHETYPE): Line 1: Changed database context to 'master'.
    [*] INFO(ARCHETYPE): Line 1: Changed language setting to us_english.
    [*] ACK: Result: 1 - Microsoft SQL Server (140 3232)
    [!] Press help for extra shell commands
    SQL>
    
  • Check if your SAM and SYSTEM files are valid
    This link may help:
    https://github.com/SecureAuthCorp/impacket/issues/1052
Sign In to comment.