HTB Mongod

This is another of the Very easy HTB Starting Point boxes.

$ nmap -sV -p- --min-rate 5000

Starting Nmap 7.92 ( ) at 2022-10-08 16:50 CEST
Nmap scan report for
Host is up (0.033s latency).
Not shown: 65533 closed tcp ports (conn-refused)
22/tcp    open  ssh     OpenSSH 8.2p1 Ubuntu 4ubuntu0.5 (Ubuntu Linux; protocol 2.0)
27017/tcp open  mongodb MongoDB 3.6.8
Service Info: OS: Linux; CPE: cpe:/o:linux:linux_kernel

Service detection performed. Please report any incorrect results at .
Nmap done: 1 IP address (1 host up) scanned in 15.69 seconds

As we can see in the Nmap results, the host is running MongoDB version 3.6.8 on port 27017.

MongoDB is a NoSQL database.
You can find more information in their documentation here:

To be able to interact with the db, we need to install the MongoDB package on our Kali Linux machine.

It is included in the Kali repository, so we just need to use apt.

$ sudo apt install mongodb

We try to connect and realise that anonymous connections are accepted, so no credentials are needed.

$ mongo mongodb://

MongoDB shell version v6.0.1
connecting to: mongodb://
Implicit session: session { "id" : UUID("d732a698-b4ef-42d3-b3ae-d608e4802c33") }
MongoDB server version: 3.6.8
WARNING: shell and server versions do not match
Warning: the "mongo" shell has been superseded by "mongosh",
which delivers improved usability and compatibility.The "mongo" shell has been deprecated and will be removed in
an upcoming release.
For installation instructions, see
Welcome to the MongoDB shell.
For interactive help, type "help".
For more comprehensive documentation, see
Questions? Try the MongoDB Developer Community Forums
The server generated these startup warnings when booting: 
2022-10-08T14:49:44.575+0000 I STORAGE  [initandlisten] 
2022-10-08T14:49:44.575+0000 I STORAGE  [initandlisten] ** WARNING: Using the XFS filesystem is strongly recommended with the WiredTiger storage engine
2022-10-08T14:49:44.575+0000 I STORAGE  [initandlisten] **          See
2022-10-08T14:49:48.017+0000 I CONTROL  [initandlisten] 
2022-10-08T14:49:48.017+0000 I CONTROL  [initandlisten] ** WARNING: Access control is not enabled for the database.
2022-10-08T14:49:48.017+0000 I CONTROL  [initandlisten] **          Read and write access to data and configuration is unrestricted.
2022-10-08T14:49:48.017+0000 I CONTROL  [initandlisten] 
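
The same misconfiguration can be spotted from the server side. The following is an added example, not part of the original write-up: it parses the mongod 3.6 startup warnings shown above and flags the instance when the access-control warning is present. The function names are hypothetical.

```python
import re

# Startup warnings copied from the session above (truncated "See" line omitted).
SAMPLE_LOG = """\
2022-10-08T14:49:44.575+0000 I STORAGE  [initandlisten] 
2022-10-08T14:49:44.575+0000 I STORAGE  [initandlisten] ** WARNING: Using the XFS filesystem is strongly recommended with the WiredTiger storage engine
2022-10-08T14:49:48.017+0000 I CONTROL  [initandlisten] 
2022-10-08T14:49:48.017+0000 I CONTROL  [initandlisten] ** WARNING: Access control is not enabled for the database.
2022-10-08T14:49:48.017+0000 I CONTROL  [initandlisten] **          Read and write access to data and configuration is unrestricted.
2022-10-08T14:49:48.017+0000 I CONTROL  [initandlisten] 
"""

# Fields: timestamp, severity letter, component, [context], message
LINE_RE = re.compile(
    r"^(?P<ts>\S+)\s+(?P<sev>[A-Z])\s+(?P<comp>[A-Z_]+)\s+\[(?P<ctx>[^\]]+)\]\s?(?P<msg>.*)$"
)

def startup_warnings(log_text):
    """Group each '** WARNING:' line with its '**' continuation lines."""
    warnings, current = [], None
    for raw in log_text.splitlines():
        m = LINE_RE.match(raw)
        if not m:
            current = None
            continue
        msg = m["msg"].strip()
        if msg.startswith("** WARNING:"):
            current = {"ts": m["ts"], "component": m["comp"],
                       "text": msg[len("** WARNING:"):].strip()}
            warnings.append(current)
        elif msg.startswith("**") and current is not None:
            current["text"] += " " + msg[2:].strip()
        else:
            current = None  # an empty or unrelated line ends the warning

    return warnings

def auth_disabled(log_text):
    """True when mongod reported that it started without access control."""
    return any(w["component"] == "CONTROL"
               and "Access control is not enabled" in w["text"]
               for w in startup_warnings(log_text))

if __name__ == "__main__":
    for w in startup_warnings(SAMPLE_LOG):
        print(w["ts"], w["component"], w["text"])
    print("unauthenticated access possible:", auth_disabled(SAMPLE_LOG))
```

On the server, the fix is to set security.authorization to enabled in mongod.conf and create database users before the port is reachable from the network.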

Now we can list the databases available on the server with the show dbs command.

>show dbs

admin                  0.000GB
config                 0.000GB
local                  0.000GB
sensitive_information  0.000GB
users                  0.000GB

With use <database_name> we can switch to the corresponding database.

>use sensitive_information

switched to db sensitive_information

show collections will print a list of all collections for the current database.

>show collections


db.collection.find().pretty() finds all documents in the collection and returns the content in a format that is easy to read.


	"_id" : ObjectId("630e3dbcb82540ebbd1748c5"),

