New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
mssql module fails on Windows auth with known correct credentials #732
Comments
That is not supported, someone would need to add this. |
Thank you for the response, I really appreciate the status (saves more experimentation). If I’m not mistaken, Windows authentication (which supports domain specification) is now the default authentication mode in MSSQL, and there are 3 modes: Windows auth only (default and recommended best-practice), SQL auth only, and mixed-mode (supports both). It would be a great addition to the doc to specify which modes are supported for travelers which come after, as it will save them a lot of testing time (it would have me). This seems to be an area not very well covered by similar testing tools. Of the tools I’ve tested, most don’t support Windows auth at all, and the ones which do have some kind of problem with them. Of the tools I’ve tested, the Metasploit mssql-login module is the only one which I can get to work at all, though it has problems too.
So the sum of my experience thus far is that I know of no tool which either supports all MSSQL authentication modes, nor any tool that can run Windows authentication mode with a password list without crashing. If there is such a tool, it would be most welcome if someone could direct me to it, and I’ll gladly check it out. Unless I’ve totally missed it (entirely possible), seems like a pretty big hole in password brute-forcing platform coverage. If someone has a desire to implement, I suppose a step in the right direction would be checking out the MSF mssql-login source, which at least can accomplish a Windows auth successfully. Thanks again for the response. |
could be that there is currently no tool. maybe that motivates you enough to code it and and send a PR :) |
Hey, thx for the response. Motivation is no problem, I’d love to be able to add this — time is the limited commodity, which is why getting the doc updated with supported authentication modes for the MSSQL service might help make this happen. Had I known the limitations up front, testing time could have possibly been spent adding it. In fairness, this is kind of the case with all of the tools I mentioned — none really go into the capabilities (of MSSQL support, that is) in detail, and so I spent several days testing / debugging just to figure out what the tools would / not do. Perhaps when time permits I can circle back. Good tool, well done, and I really appreciate the response. |
Describe the bug
I am trying to use Hydra to brute-force MSSQL logins (disclaimer: authorized). Before running larger user and password lists, I am trying to verify accurate function of hydra against the SQL Server with a known username and password. Using the Hydra mssql module, I cannot get this to work correctly, although I know for a fact (both by connecting successfully and cracking successfully with other tools) these credentials work.
I believe the issue may be related to Windows authentication, which is the default for MSSQL and also the configuration setting of the server, meaning that my username requires a domain in addition to the password to successfully connect. I have tried all of the following forms of command to no avail (actual username, password, host, and port redacted).
All of these commands result in the same similar output as below:
To Reproduce
Execute Hydra with a command similar to the one above against a SQL Server configured to support Windows authentication only and with a domain username.
Expected behavior
With a correct username and password, I'd expect Hydra to properly connect and identify that the credentials were correct.
Screenshots
N/A
Desktop (please complete the following information):
Additional context
N/A
Any help getting this working would be greatly appreciated.
The text was updated successfully, but these errors were encountered: