Mongod

Task 1: How many TCP ports are open on the machine?

  • Quick nmap scan shows 2 tcp ports open

Task 2: Which service is running on port 27017 of the remote host?

  • Run a quick nmap scan:

nmap -sV -p 27017 [IP]
  • Version --> MongoDB 3.6.8

Task 3: What type of database is MongoDB? (Choose: SQL or NoSQL)

  • A quick google search shows it is a noSQL

Task 4: What is the command name for the Mongo shell that is installed with the mongodb-clients package?

  • The command name is just "mongo"

Task 5: What is the command used for listing all the databases present on the MongoDB server? (No need to include a trailing ;)

  • Reviewing the write up, there is a section after connecting to the database that shows the command: "show dbs"

Task 6: What is the command used for listing out the collections in a database? (No need to include a trailing ;)

  • In the write up the command is "show collections"

Task 7: What is the command used for dumping the content of all the documents within the collection named flag in a format that is easy to read?

  • Looking in the write up shows the command is db.flag.find().pretty()

Submit the Flag:

  • Start by installing mongodb to your hackbox.

  • Follow the steps in the write up to do this.

  • Once you have it installed, access the database with:

./mongo mongodb://10.129.70.122:27017
  • Next show what databases are available with "show dbs":

  • Switch to "sensitive_information" with "use" command:

  • Next is to show the collections in this database:

  • To open the flag, use the following command:

Last updated