capsulecorp-pentest
MSSQL server on gohan is not reachable from the network
I had to manually enable TCP/IP (SQL Server Network Configuration) and disable TCP Dynamic Ports...
Hi, I also wasn't able to reach MSSQL on Gohan via nmap. How did you make MSSQL accessible?
I used vagrant:vagrant and played with "MSSQL Server Configuration" directly on the host via RDP. Another problem is that sa:Password1 is not working. After all, I assume my setup/provisioning did not work. Don't know why. I am using Manjaro Linux, all software at the latest version. Though, during setup, the log says my Ansible version is unknown. Yet, the other servers seem to work...
sa:Password1 were the credentials that I found when I ran cme smb discovery/hosts/windows.txt --local-auth -u sa -p focused-penetration/passwords.txt from the pentest virtual machine. I think those are the local account credentials and perhaps not the MSSQL account credentials? However I am not sure. In any case I haven't been able to detect any MSSQL service running on gohan at all. I'm using the provided pentest virtual machine for the actual process of pentesting but I've deployed the entire capsulecorp vm environment on Ubuntu 20.04 which is my main machine.
cat windows.txt
172.28.128.100
172.28.128.101
172.28.128.102
172.28.128.103
172.28.128.104
172.28.128.10
msf6 auxiliary(scanner/smb/smb_ms17_010) > use auxiliary/scanner/mssql/mssql_login
msf6 auxiliary(scanner/mssql/mssql_login) > set rhosts file:/home/pentest/capsulecorp/discovery/hosts/windows.txt
rhosts => file:/home/pentest/capsulecorp/discovery/hosts/windows.txt
msf6 auxiliary(scanner/mssql/mssql_login) > set username sa
username => sa
msf6 auxiliary(scanner/mssql/mssql_login) > set password Password1
password => Password1
msf6 auxiliary(scanner/mssql/mssql_login) > run
[*] 172.28.128.100:1433 - 172.28.128.100:1433 - MSSQL - Starting authentication scanner.
[!] 172.28.128.100:1433 - No active DB -- Credential data will not be saved!
[-] 172.28.128.100:1433 - 172.28.128.100:1433 - LOGIN FAILED: WORKSTATION\sa:Password1 (Unable to Connect: )
[-] 172.28.128.100:1433 - 172.28.128.100:1433 - LOGIN FAILED: WORKSTATION\sa: (Unable to Connect: )
[-] 172.28.128.100:1433 - 172.28.128.100:1433 - LOGIN FAILED: WORKSTATION\sa: (Unable to Connect: )
[*] Scanned 1 of 6 hosts (16% complete)
[*] 172.28.128.101:1433 - 172.28.128.101:1433 - MSSQL - Starting authentication scanner.
[!] 172.28.128.101:1433 - No active DB -- Credential data will not be saved!
[-] 172.28.128.101:1433 - 172.28.128.101:1433 - LOGIN FAILED: WORKSTATION\sa:Password1 (Unable to Connect: )
[-] 172.28.128.101:1433 - 172.28.128.101:1433 - LOGIN FAILED: WORKSTATION\sa: (Unable to Connect: )
[-] 172.28.128.101:1433 - 172.28.128.101:1433 - LOGIN FAILED: WORKSTATION\sa: (Unable to Connect: )
[*] Scanned 2 of 6 hosts (33% complete)
[*] 172.28.128.102:1433 - 172.28.128.102:1433 - MSSQL - Starting authentication scanner.
[*] Scanned 2 of 6 hosts (33% complete)
[!] 172.28.128.102:1433 - No active DB -- Credential data will not be saved!
[-] 172.28.128.102:1433 - 172.28.128.102:1433 - LOGIN FAILED: WORKSTATION\sa:Password1 (Unable to Connect: )
[-] 172.28.128.102:1433 - 172.28.128.102:1433 - LOGIN FAILED: WORKSTATION\sa: (Unable to Connect: )
[-] 172.28.128.102:1433 - 172.28.128.102:1433 - LOGIN FAILED: WORKSTATION\sa: (Unable to Connect: )
[*] Scanned 3 of 6 hosts (50% complete)
[*] 172.28.128.103:1433 - 172.28.128.103:1433 - MSSQL - Starting authentication scanner.
[*] Scanned 3 of 6 hosts (50% complete)
[!] 172.28.128.103:1433 - No active DB -- Credential data will not be saved!
[-] 172.28.128.103:1433 - 172.28.128.103:1433 - LOGIN FAILED: WORKSTATION\sa:Password1 (Unable to Connect: )
[-] 172.28.128.103:1433 - 172.28.128.103:1433 - LOGIN FAILED: WORKSTATION\sa: (Unable to Connect: )
[-] 172.28.128.103:1433 - 172.28.128.103:1433 - LOGIN FAILED: WORKSTATION\sa: (Unable to Connect: )
[*] Scanned 4 of 6 hosts (66% complete)
[*] 172.28.128.104:1433 - 172.28.128.104:1433 - MSSQL - Starting authentication scanner.
[!] 172.28.128.104:1433 - No active DB -- Credential data will not be saved!
[-] 172.28.128.104:1433 - 172.28.128.104:1433 - LOGIN FAILED: WORKSTATION\sa:Password1 (Unable to Connect: )
[-] 172.28.128.104:1433 - 172.28.128.104:1433 - LOGIN FAILED: WORKSTATION\sa: (Unable to Connect: )
[-] 172.28.128.104:1433 - 172.28.128.104:1433 - LOGIN FAILED: WORKSTATION\sa: (Unable to Connect: )
[*] Scanned 5 of 6 hosts (83% complete)
[*] 172.28.128.105:1433 - 172.28.128.105:1433 - MSSQL - Starting authentication scanner.
[*] Scanned 5 of 6 hosts (83% complete)
[!] 172.28.128.105:1433 - No active DB -- Credential data will not be saved!
[-] 172.28.128.105:1433 - 172.28.128.105:1433 - LOGIN FAILED: WORKSTATION\sa:Password1 (Unable to Connect: )
[-] 172.28.128.105:1433 - 172.28.128.105:1433 - LOGIN FAILED: WORKSTATION\sa: (Unable to Connect: )
[-] 172.28.128.105:1433 - 172.28.128.105:1433 - LOGIN FAILED: WORKSTATION\sa: (Unable to Connect: )
[*] Scanned 6 of 6 hosts (100% complete)
[*] Auxiliary module execution completed
msf6 auxiliary(scanner/mssql/mssql_login) >
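An added example, not part of the original thread or the capsulecorp project: a small Python triage of the mssql_login output posted above, separating hosts where the scanner never reached the service ("Unable to Connect") from hosts where the service answered and rejected the login. The 192.0.2.10 line and its "Incorrect" status text are constructed for contrast and are assumptions; the 172.28.128.100 lines are copied from the post.

```python
import re
from collections import defaultdict

# Matches the "[-] host:port - ... LOGIN FAILED: cred (status: proof)" lines
# that appear in the scanner output quoted in the thread.
FAILED = re.compile(
    r"^\[-\]\s+(?P<host>\d{1,3}(?:\.\d{1,3}){3}):(?P<port>\d+)\s+-.*"
    r"LOGIN FAILED:\s+(?P<cred>.*?)\s+\((?P<status>[^:()]+):\s*(?P<proof>.*)\)\s*$"
)

def classify(log_text):
    """Return {'host:port': 'unreachable' | 'auth_rejected'} for failed targets."""
    statuses = defaultdict(set)
    for line in log_text.splitlines():
        m = FAILED.match(line.strip())
        if m:  # progress ([*]) and warning ([!]) lines are ignored
            statuses[f"{m['host']}:{m['port']}"].add(m["status"].strip())
    result = {}
    for target, seen in statuses.items():
        # If every attempt failed before a session was established, the
        # credentials were never evaluated by SQL Server at all.
        if seen == {"Unable to Connect"}:
            result[target] = "unreachable"
        else:
            result[target] = "auth_rejected"
    return result

# First three failure lines are from the post; the 192.0.2.10 lines are
# constructed sample input (hypothetical host, assumed status wording).
SAMPLE = r"""
[*] 172.28.128.100:1433 - 172.28.128.100:1433 - MSSQL - Starting authentication scanner.
[!] 172.28.128.100:1433 - No active DB -- Credential data will not be saved!
[-] 172.28.128.100:1433 - 172.28.128.100:1433 - LOGIN FAILED: WORKSTATION\sa:Password1 (Unable to Connect: )
[-] 172.28.128.100:1433 - 172.28.128.100:1433 - LOGIN FAILED: WORKSTATION\sa: (Unable to Connect: )
[-] 172.28.128.100:1433 - 172.28.128.100:1433 - LOGIN FAILED: WORKSTATION\sa: (Unable to Connect: )
[*] Scanned 1 of 2 hosts (50% complete)
[-] 192.0.2.10:1433 - 192.0.2.10:1433 - LOGIN FAILED: WORKSTATION\sa:Password1 (Incorrect: )
[*] Scanned 2 of 2 hosts (100% complete)
"""

if __name__ == "__main__":
    for target, verdict in classify(SAMPLE).items():
        print(f"{target}: {verdict}")
```

Every host in the posted run reports only "Unable to Connect", so that output shows a listener or port problem on 1433 and says nothing about whether sa:Password1 is valid for MSSQL.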
Hi, I also wasn't able to reach MSSQL on Gohan via nmap. How did you make MSSQL accessible?
jtsec92 - I see you are using rport 1433, which is also the one used in the Book; however, 1433 may not be the port your MSSQL is pointing to. Look at your nmap scan with -p to see which port your MSSQL is running on. I hope this helps.