fortra / impacket

Impacket is a collection of Python classes for working with network protocols.

mssqlclient.py crashes right after connection is made and doesn't say error or anything #1670

Closed StopCamping closed 1 month ago

StopCamping commented 9 months ago

Configuration

impacket version: impacket-0.12.0.dev1+20231114.165227.4b56c18a-py3.11.egg
Python version: python 3.11
Target OS: Microsoft

mssqlclient.py -windows-auth ARCHETYPE/sql_avc:M3g4c0rp123@10.129.204.64 -debug
Impacket v0.12.0.dev1+20231114.165227.4b56c18a - Copyright 2023 Fortra

[+] Impacket Library Installation Path: /usr/local/lib/python3.11/dist-packages/impacket-0.12.0.dev1+20231114.165227.4b56c18a-py3.11.egg/impacket
[*] Encryption required, switching to TLS

kali@kali:~/impacket/examples$ 

This is the first time I've ever done a discussion, so I apologize if I don't make sense. I'm trying to pwn an HTB machine (ARCHETYPE) and so far I've been stuck with this problem for days. When using mssqlclient.py with the correct syntax and pressing enter, it shows { [*] Encryption required, switching to TLS } and then goes back to the normal terminal, which doesn't make any sense.

I've changed the configuration in the tds.py file, which was about the TLS configuration. Here's what it looks like rn:

        if resp['Encryption'] == TDS_ENCRYPT_REQ or resp['Encryption'] == TDS_ENCRYPT_OFF:
            LOG.info("Encryption required, switching to TLS")

            # Switching to TLS now
            ctx = SSL.Context(SSL.TLSv1_METHO)
            ctx = SSL.Context(SSL.TLSv1_2_METHOD)
            ctx.set_cipher_list('RC4, AES256')
            tls = SSL.Connection(ctx,None)
            tls.set_connect_state()
            while True:
                try:
                    tls.do_handshake()
                except SSL.WantReadError:
                    data = tls.bio_read(4096)
                    self.sendTDS(TDS_PRE_LOGIN, data,0)
                    tds = self.recvTDS()
                    tls.bio_write(tds['Data'])
                else:
                    break

            # SSL and TLS limitation: Secure Socket Layer (SSL) and its replacement,
            # Transport Layer Security(TLS), limit data fragments to 16k in size.
            self.packetSize = 16*1024-1
            self.tlsSocket = tls

The videos and other people's discussions I looked at never talk about this problem. Could this be a problem in my device or something in Impacket? I didn't want to skip this pen testing method because I don't want to do things without knowing what's going on, so yeah.

One final thing to mention is that I tried entering the password after it connects:

mssqlclient.py -windows-auth ARCHETYPE/sql_avc@10.129.204.64 -debug
Impacket v0.12.0.dev1+20231114.165227.4b56c18a - Copyright 2023 Fortra

[+] Impacket Library Installation Path: /usr/local/lib/python3.11/dist-packages/impacket-0.12.0.dev1+20231114.165227.4b56c18a-py3.11.egg/impacket
Password:
[*] Encryption required, switching to TLS

kali@kali:~/impacket/examples$ 

Tell me if there's anything I missed.
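
Added example, not part of the thread or of Impacket's code: a stand-alone parser for the PRELOGIN response that the `resp['Encryption']` test in the snippet above reads, showing why both ENCRYPT_OFF and ENCRYPT_REQ lead to a TLS handshake. It goes slightly beyond the snippet by covering all four ENCRYPTION values defined in MS-TDS. The function names and sample bytes are constructed for illustration, and the meanings given assume a client that offered ENCRYPT_OFF.

```python
import struct

# Option tokens and ENCRYPTION values from the MS-TDS PRELOGIN definition.
PL_ENCRYPTION, PL_TERMINATOR = 0x01, 0xFF
ENCRYPT_NAMES = {0: "ENCRYPT_OFF", 1: "ENCRYPT_ON", 2: "ENCRYPT_NOT_SUP", 3: "ENCRYPT_REQ"}


def parse_prelogin(payload: bytes) -> dict:
    """Return {token: value bytes} from a PRELOGIN payload (TDS header removed)."""
    options, pos = {}, 0
    while True:
        if pos >= len(payload):
            raise ValueError("option list has no 0xFF terminator")
        token = payload[pos]
        if token == PL_TERMINATOR:
            return options
        if pos + 5 > len(payload):
            raise ValueError("truncated option entry")
        # Each entry: 1-byte token, big-endian offset and length into the payload.
        offset, length = struct.unpack_from(">HH", payload, pos + 1)
        if offset + length > len(payload):
            raise ValueError(f"option 0x{token:02x} points past the payload")
        options[token] = payload[offset:offset + length]
        pos += 5


def tls_plan(payload: bytes) -> str:
    """Describe what the server's ENCRYPTION answer means for the session."""
    value = parse_prelogin(payload).get(PL_ENCRYPTION)
    if not value:
        raise ValueError("no ENCRYPTION option in PRELOGIN response")
    name = ENCRYPT_NAMES.get(value[0], f"unknown(0x{value[0]:02x})")
    if name == "ENCRYPT_OFF":
        return name + ": TLS handshake, then only the LOGIN7 packet is encrypted"
    if name in ("ENCRYPT_ON", "ENCRYPT_REQ"):
        return name + ": TLS handshake, whole session stays encrypted"
    if name == "ENCRYPT_NOT_SUP":
        return name + ": no TLS handshake, login goes over the plain TDS stream"
    return name


def build_sample(enc: int) -> bytes:
    """Constructed PRELOGIN response: VERSION (6 bytes) + ENCRYPTION (1 byte)."""
    head = struct.pack(">BHH", 0x00, 11, 6) + struct.pack(">BHH", 0x01, 17, 1) + b"\xff"
    return head + bytes([15, 0, 0x07, 0xD0, 0, 0]) + bytes([enc])


if __name__ == "__main__":
    for enc in range(4):
        print(tls_plan(build_sample(enc)))
```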

dkjajhqu2h3j commented 9 months ago

I also get this all the time using Impacket main v0.12.0.dev1+20231114.165227.4b56c18a. If I switch to the Impacket version that comes by default in Kali 2023.4, v0.11.0, this works.

gabrielg5 commented 9 months ago

Hi, linking this issue with #1356, to take into account when analyzing it. In the context of that PR the SSL connection setup has been changed. However, that code is the same both in v0.11 and in current master.

StopCamping commented 8 months ago

Hey, sorry for replying late, I haven't done any training ever since I made this discussion.
I actually used both v11 and v12, but I had the same response. I was going to show that I get the same response using the pre-built version, but when I did, it actually worked. I'm losing my mind, I literally used both versions, which never worked, and now after all this time, it finally worked when I wanted to prove something.

Thank you again for helping, I'm actually bamboozled that it worked rn.

pyrexfm commented 8 months ago

Facing the same issue in Ubuntu. Fixed by downgrading to v0.11

FoxSca commented 4 months ago

Same issue on Kali. Any suggestions on how to fix it?

Impacket v0.12.0.dev1 - Copyright 2023 Fortra
Password:
[*] Encryption required, switching to TLS

gabrielg5 commented 1 month ago

Hey hello,

Finally found the changeset (https://github.com/fortra/impacket/pull/1617/commits/72d3d1513b99b15f7873c6574687b0d5ecd5428b) and PR (#1617) in whose context the change was introduced. Will be working now on a new PR to better handle both scenarios.

Just to validate, this is happening to you only when login fails, right? If login goes OK, I'm receiving the SQLShell prompt as expected.