Querier

Truly a fun machine. Def learned from it.

Great work @egre55 & @mrh4sh !

I have user M*VC, using Gy technical, I can enable x*****l, How can I obtain reverse shell? Any Hint?

Rooted with some basic enumeration and handwork (along with notes from a previous box). Have a shell so all is good.

Question to anyone else who got root on this box – I was not able to get sysinternals to work for anything useful. Was anyone else successful with sysinternals?

I have user, thanks a lot…

I am using the im*****t sql client to get connected and it keeps failing because of the auth mechanism. Can someone please nudge me in the right direction?

I keep getting the un**d dn error.
I could login successfully using metasploit though. (the enum scanner)

I would look at how m***l auth work, and how many types of auth can i use with it.

@mcruz Can you please PM me? I believe I know what auth Querier is using, but can’t get the syntax going… Or at least thats what I think the problem is.

Type your comment> @sportsfreak said:

I am using the im*****t sql client to get connected and it keeps failing because of the auth mechanism. Can someone please nudge me in the right direction?

I keep getting the un**d dn error.
I could login successfully using metasploit though. (the enum scanner)

same here, i can use the metasploit to enum with the credentials
but cant get connect with im*****t sql client to connect which getting untrusted domain error, can anyone provide some hints?

same here, i can use the metasploit to enum with the credentials
but cant get connect with im*****t sql client to connect which getting untrusted domain error, can anyone provide some hints?
@meowzilla
I had the same issue,as a remedy you can try to remove the password field from your syntax(if that’s right) and enter the password when prompted.hope it will be resolved.

Type your comment> @saketsourav said:

same here, i can use the metasploit to enum with the credentials
but cant get connect with im*****t sql client to connect which getting untrusted domain error, can anyone provide some hints?
@meowzilla
I had the same issue,as a remedy you can try to remove the password field from your syntax(if that’s right) and enter the password when prompted.hope it will be resolved.

Or you can simply escape it with a backslash "" , cause the “$” sign gets interpreted. :wink:

@meowzilla said:
Type your comment> @sportsfreak said:

I am using the im*****t sql client to get connected and it keeps failing because of the auth mechanism. Can someone please nudge me in the right direction?

I keep getting the un**d dn error.
I could login successfully using metasploit though. (the enum scanner)

same here, i can use the metasploit to enum with the credentials
but cant get connect with im*****t sql client to connect which getting untrusted domain error, can anyone provide some hints?

mcruz already answered to that, check i******* m********** options. For that reason I couldn’t connect using alamot’s tool but I imported its upload function into i******* m**********. Works like a charm.

thanks > @saketsourav said:

same here, i can use the metasploit to enum with the credentials
but cant get connect with im*****t sql client to connect which getting untrusted domain error, can anyone provide some hints?
@meowzilla
I had the same issue,as a remedy you can try to remove the password field from your syntax(if that’s right) and enter the password when prompted.hope it will be resolved.

thanks thats work!

@avetamine

Or you can simply escape it with a backslash "" , cause the “$” sign gets interpreted. :wink:
i don’t know if that was really the issue because i even tried with DBeaver and got the same login failed initially.But lastly that method worked which i described

Should i use r… p…o for privilege escalation?

Type your comment> @nijat11 said:

Should i use r… p…o for privilege escalation?

no

A great box!! But I really wish people stopped being assholes and deleting stuff… I wasted two days (mostly nights) because some motherfucker had deleted a file. And it was not done just once, because the box was reset multiple times in-between!! What gives?!? It is not the first time this has happened either. Yes, I should go VIP and I will… But this not ok!!

Warning to new ones: This is certainly not a 4.4/10 box. It’s the first time (following the intended method) that I get zero info from netbios/smb, after hours of scanning.

Type your comment> @stelios said:

Warning to new ones: This is certainly not a 4.4/10 box. It’s the first time (following the intended method) that I get zero info from netbios/smb, after hours of scanning.

***map -H

is sm***p to start with ? looking for initial foothold …please pm me …thanks

edit :- i think i got a start !!!

Type your comment> @avetamine said:

Type your comment> @saketsourav said:

same here, i can use the metasploit to enum with the credentials
but cant get connect with im*****t sql client to connect which getting untrusted domain error, can anyone provide some hints?
@meowzilla
I had the same issue,as a remedy you can try to remove the password field from your syntax(if that’s right) and enter the password when prompted.hope it will be resolved.

Or you can simply escape it with a backslash "" , cause the “$” sign gets interpreted. :wink:

I am an idiot
d-oh!