Closed jaredbarez closed 7 years ago
I've run into this as well. It seems to be an issue with Impacket's MS-TDS implementation and some changes that were made to pyOpenSSL (https://github.com/CoreSecurity/impacket/issues/269). Whenever I get the time I'll try to look into it more closely.
This was fixed in Impacket with https://github.com/CoreSecurity/impacket/commit/754ee112e525ec1842115b9001fa5535e31e403d
Cheers
Hmmmm... After updating impacket (and CME) now I get a new type of error: "[Error 104] Connection reset by peer":
cme --verbose mssql 10.10.10.10 -u sa -p 'badpass!!!' -a normal
DEBUG Passed args: {'auth_type': 'normal', 'cred_id': [], 'darrell': False, 'domain': None, 'execute': None, 'fail_limit': None, 'force_ps32': False, 'gfail_limit': None, 'hash': [], 'jitter': None, 'list_modules': False, 'local_auth': False, 'module': None, 'module_options': [], 'no_output': False, 'password': ['badpass!!!'], 'port': 1433, 'protocol': 'mssql', 'ps_execute': None, 'query': None, 'server': 'https', 'server_host': '0.0.0.0', 'server_port': None, 'show_module_options': False, 'target': ['10.10.10.10'], 'threads': 100, 'timeout': None, 'ufail_limit': None, 'username': ['sa'], 'verbose': True}
MSSQL 10.10.10.10 1433 None [*] MSSQL DB Instances: 1
MSSQL 10.10.10.10 1433 None Instance 0
MSSQL 10.10.10.10 1433 None ServerName:TEST
MSSQL 10.10.10.10 1433 None tcp:1433
MSSQL 10.10.10.10 1433 None IsClustered:No
MSSQL 10.10.10.10 1433 None Version:10.50.2500.0
MSSQL 10.10.10.10 1433 None np:\TEST\pipe\MSSQL$TEST\sql\query
MSSQL 10.10.10.10 1433 None InstanceName:TEST
DEBUG Encryption required, switching to TLS
Traceback (most recent call last):
  File "/usr/local/lib/python2.7/dist-packages/gevent-1.2.1-py2.7-linux-i686.egg/gevent/greenlet.py", line 536, in run
    result = self._run(*self.args, *self.kwargs)
  File "/usr/local/lib/python2.7/dist-packages/crackmapexec-4.0.0.dev0-py2.7.egg/cme/protocols/mssql.py", line 24, in init
    connection.init(self, args, db , host)
  File "/usr/local/lib/python2.7/dist-packages/crackmapexec-4.0.0.dev0-py2.7.egg/cme/connection.py", line 39, in init
    self.proto_flow()
  File "/usr/local/lib/python2.7/dist-packages/crackmapexec-4.0.0.dev0-py2.7.egg/cme/protocols/mssql.py", line 51, in proto_flow
    self.login()
  File "/usr/local/lib/python2.7/dist-packages/crackmapexec-4.0.0.dev0-py2.7.egg/cme/connection.py", line 211, in login
    if self.plaintext_login(self.domain, user, password): return True
  File "/usr/local/lib/python2.7/dist-packages/crackmapexec-4.0.0.dev0-py2.7.egg/cme/protocols/mssql.py", line 149, in plaintext_login
    res = self.conn.login(None, username, password, domain, None, True if self.args.auth_type is 'windows' else False)
  File "/usr/local/lib/python2.7/dist-packages/crackmapexec-4.0.0.dev0-py2.7.egg/cme/thirdparty/impacket/impacket/tds.py", line 914, in login
    tds = self.recvTDS()
  File "/usr/local/lib/python2.7/dist-packages/crackmapexec-4.0.0.dev0-py2.7.egg/cme/thirdparty/impacket/impacket/tds.py", line 577, in recvTDS
    packet = TDSPacket(self.socketRecv(packetSize))
  File "/usr/local/lib/python2.7/dist-packages/crackmapexec-4.0.0.dev0-py2.7.egg/cme/thirdparty/impacket/impacket/tds.py", line 557, in socketRecv
    data = self.socket.recv(packetSize)
  File "/usr/local/lib/python2.7/dist-packages/gevent-1.2.1-py2.7-linux-i686.egg/gevent/_socket2.py", line 277, in recv
    return sock.recv(args)
error: [Errno 104] Connection reset by peer
Mon May 22 10:22:15 2017 <Greenlet at 0xb6bcde3cL: mssql(Namespace(auth_type='normal', cred_id=[], darrell=, <protocol.database instance at 0xb6be49ec>, '10.10.10.10')> failed with error
Steps to reproduce
git clone https://github.com/byt3bl33d3r/CrackMapExec
cd CrackMapExec && git submodule init && git submodule update --recursive
python setup.py install
cme mssql -u sa -p 'badpass!!!' -a normal 10.10.10.10
Command string used (command launched as root)
cme mssql -u sa -p 'badpass!!!' -a normal 10.10.10.10
CME verbose output (using the --verbose flag)
OS
Kali Linux 2017.1 4.9.0-kali4-686-pae (same issue in amd64 version)
Target OS
Windows Server 2008 R2 Standard 7601 Service Pack 1
Detailed issue explanation
Default install of Kali Linux 2017.1 and default install of CME (dev). Cannot get it working (as described), although connecting with provided credentials works without problem when used from within msfconsole. Please help.