Mongod

1MB

Mongod_Write_Up.pdf

pdf

Task 1: How many TCP ports are open on the machine?

• Quick nmap scan shows 2 tcp ports open

Task 2: Which service is running on port 27017 of the remote host?

• Run a quick nmap scan:

nmap -sV -p 27017 [IP]

• Version --> MongoDB 3.6.8

Task 3: What type of database is MongoDB? (Choose: SQL or NoSQL)

• A quick google search shows it is a noSQL

Task 4: What is the command name for the Mongo shell that is installed with the mongodb-clients package?

• The command name is just "mongo"

Task 5: What is the command used for listing all the databases present on the MongoDB server? (No need to include a trailing ;)

• Reviewing the write up, there is a section after connecting to the database that shows the command: "show dbs"

Task 6: What is the command used for listing out the collections in a database? (No need to include a trailing ;)

• In the write up the command is "show collections"

Task 7: What is the command used for dumping the content of all the documents within the collection named flag in a format that is easy to read?

• Looking in the write up shows the command is db.flag.find().pretty()

Submit the Flag:

• Start by installing mongodb to your hackbox.

• Follow the steps in the write up to do this.

• Once you have it installed, access the database with:

./mongo mongodb://10.129.70.122:27017

• Next show what databases are available with "show dbs":

  • 

• Switch to "sensitive_information" with "use" command:

  • 

• Next is to show the collections in this database:

  • 

• To open the flag, use the following command:

  •