Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

mssqlclient.py "Unpacked data doesn't match constant value" / NTLMSSP #897

Closed
corsch opened this issue Jul 7, 2020 · 4 comments
Closed

mssqlclient.py "Unpacked data doesn't match constant value" / NTLMSSP #897

corsch opened this issue Jul 7, 2020 · 4 comments

Comments

@corsch
Copy link

corsch commented Jul 7, 2020

Configuration

impacket version: v0.9.21
Python version: 3.8.3
Target OS: KALI_2020.2 / Windows Server 2008R2 & 2012R2 (Both with SQL Server)

Debug Output With Command String

proxychains python3 mssqlclient.py -debug DOMAIN/USER@10.10.10.2 -p 53231 -windows-auth -no-pass

ProxyChains-3.1 (http://proxychains.sf.net)
Impacket v0.9.21 - Copyright 2020 SecureAuth Corporation

[+] Impacket Library Installation Path: /usr/lib/python3/dist-packages/impacket
|S-chain|-<>-127.0.0.1:1080-<><>-10.10.10.2:53231-<><>-OK
[+] Exception:
Traceback (most recent call last):
File "mssqlclient.py", line 179, in
res = ms_sql.login(options.db, username, password, domain, options.hashes, options.windows_auth)
File "/usr/lib/python3/dist-packages/impacket/tds.py", line 972, in login
type3, exportedSessionKey = ntlm.getNTLMSSPType3(auth, serverChallenge, username, password, domain, lmhash, nthash)
File "/usr/lib/python3/dist-packages/impacket/ntlm.py", line 618, in getNTLMSSPType3
ntlmChallenge = NTLMAuthChallenge(type2)
File "/usr/lib/python3/dist-packages/impacket/structure.py", line 84, in init
self.fromString(data)
File "/usr/lib/python3/dist-packages/impacket/ntlm.py", line 371, in fromString
Structure.fromString(self,data)
File "/usr/lib/python3/dist-packages/impacket/structure.py", line 149, in fromString
self[field[0]] = self.unpack(field[1], data[:size], dataClassOrCode = dataClassOrCode, field = field[0])
File "/usr/lib/python3/dist-packages/impacket/structure.py", line 312, in unpack
raise Exception("Unpacked data doesn't match constant value '%r' should be '%r'" % (data, answer))
Exception: ("Unpacked data doesn't match constant value 'b'\x00\x00\x00\x00\x00\x00'' should be ''NTLMSSP\x00''", 'When unpacking field ' | "NTLMSSP\x00 | b'\x00\x00\x00\x00\x00\x00'[:8]'')
[-] ("Unpacked data doesn't match constant value 'b'\x00\x00\x00\x00\x00\x00'' should be ''NTLMSSP\x00''", 'When unpacking field ' | "NTLMSSP\x00 | b'\x00\x00\x00\x00\x00\x00'[:8]'')

Additional context

Works on KALI Linux with Impacket v0.9.20
=> Won't work after upgrade to Impacket v0.9.21

"SQL NTLM Stealer" => ntlmrelayx => proxychains mssqlclient
@corsch
Copy link
Author

corsch commented Jul 8, 2020

The trunk version v0.9.22.dev1 also seems to work fine.

@asolino
Copy link
Collaborator

asolino commented Jul 8, 2020

Thanks for verifying master branch is working fine @corsch , closing now.

@asolino asolino closed this as completed Jul 8, 2020
@pich4ya
Copy link

pich4ya commented Jun 18, 2022

I need this to be solved for HTB Scrambled.

@0xdeaddood
Copy link
Collaborator

Hi @pich4ya!

Please check #1343 (comment)

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
4 participants
@pich4ya @asolino @corsch @0xdeaddood