πŸ•ΈοΈ
Th4ntis CyberSec
  • πŸ•·οΈ>whoami_
  • πŸ–₯️General Info
    • CyberSec News
    • Getting Started and other Resources
      • CompTIA Certs
        • Security+
        • Pentest+
    • MITRE ATT&CK
    • Cyber Kill Chain
    • Docker
  • πŸ’»Networking
    • General Networking
    • Common Ports and Protocols
    • TCP/IP Model
    • OSI Model
    • Subnetting
    • Wireshark
    • NMap
    • Wireless
      • Wardriving/WiFi Sniffing
    • 3-Way Handshake
  • 🐧Linux
    • Common commands
    • Sudo
    • Files and File contents
    • Sed Awk and Grep
    • Permissions
  • πŸͺŸWindows
    • Event Codes
    • Powershell
    • Internals
    • Active Directory
  • πŸ”ŽOSINT
    • OSINT Tools
    • IP/Domain OSINT
    • Email/Username OSINT
    • URL OSINT and Sandboxing
    • Social Media OSINT
    • Website OSINT
    • Password OSINT
    • Physical Location OSINT
    • Image OSINT
    • People OSINT
    • Phone Number OSINT
    • Shodan
    • Google Dorking
  • πŸ› οΈTools
    • Brute Force
      • Hydra
    • Credential Dumping
      • Mimikatz
    • Enumeration
      • Bloodhound
      • Certipy
      • Dirb/Dirbuster
      • Enum4Linux
      • GoBuster
    • Exploitation Framework
      • Metasploit
      • Sliver
      • Cobalt Strike
    • Hash Cracking
      • Hashcat
      • JohnTheRipper
    • Methods
      • Powershell Obfuscation
      • Privilege Escalation
      • Pass-The-Hash
      • Kerberos and Kerberoasting
    • Vulnerability Scanners
      • Nessus
      • OpenVAS
    • Web App
      • BurpSuite
      • OWASP Zap
    • Wireless
      • Aircrack-ng
      • Kismet
      • Bettercap
      • HCXDumptool
      • Wifite
    • Impacket
    • Social-Engineer Toolkit (SET)
  • πŸ“”Guides and How-To's
    • Lab Setup
      • Ubuntu VM
      • Kali VM
      • Windows User VM
      • Windows Server VM
    • Wardriving
      • Pwnagotchi
    • Wireless Pentesting
      • WiFi Pineapple Basics
      • Evil-Twin Attack
    • Over The Wire
      • Bandit
      • Natas
      • Leviathan
      • Krypton
      • Narnia
      • Behemoth
      • Utumno
      • Maze
      • Vortex
      • Manpage
    • Docker and Kali Linux
    • Staying Private and goin Dark Online
  • πŸ“•Quick References
    • Tools
      • Tmux
      • NMap
      • Ffuf
      • NetExec
      • CrackMapExec
      • Proxychains
      • OneDriveUser Enum
      • Hashcat
    • One-liners
    • Reverse Shells
    • Post Exploitation
    • Enumeration
      • Google
      • Sublist3r
      • NMap
      • DNSDumpster
    • Hashcracking
    • Wireless
  • πŸ““Courses
    • PNPT
      • Practical Ethical Hacking
      • Windows Privilege Escalation
      • Linux Privilege Escalation
      • OSINT Fundamentals
      • External Pentest Playbook
  • ☁️TryHackMe
    • Attacking Kerberos
    • Hacking with Powershell
    • Powershell for Pentesters
    • Linux PrivEsc
    • Windows PrivEsc
    • Blue
    • Kenobi
  • πŸ“¦HackTheBox
    • Starting Point
      • Tier 0
        • Meow
        • Fawn
        • Dancing
        • Redeemer
        • Explosion
        • Preignition
        • Mongod
        • Synced
      • Tier 1
        • Appointment
        • Sequel
        • Crocodile
        • Responder
        • Three
        • Ignition
        • Bike
        • Funnel
        • Pennyworth
        • Tactics
      • Tier 2
        • Archetype
        • Oopsie
        • Vaccine
        • Unified
        • Included
        • Markup
        • Base
    • Walkthroughs
      • Lame
      • Analytics
      • Manager
      • Codify
Powered by GitBook
On this page
  • Initial Scan
  • Task 1
  • Task 2
  • Task 3
  • Task 4
  • Task 5
  • Task 6
  • Task 7
  • Task 8
Edit on GitHub
  1. HackTheBox
  2. Starting Point
  3. Tier 0

Mongod

Initial Scan

sudo nmap -p- -sT -sV -T4 -v 10.129.183.59
Starting Nmap 7.80 ( https://nmap.org ) at 2022-11-04 23:11 EDT
NSE: Loaded 45 scripts for scanning.
Initiating Ping Scan at 23:11
Scanning 10.129.183.59 [4 ports]
Completed Ping Scan at 23:11, 0.08s elapsed (1 total hosts)
Initiating Parallel DNS resolution of 1 host. at 23:11
Completed Parallel DNS resolution of 1 host. at 23:11, 0.09s elapsed
Initiating Connect Scan at 23:11
Scanning 10.129.183.59 [65535 ports]
Discovered open port 22/tcp on 10.129.183.59
Discovered open port 27017/tcp on 10.129.183.59
Completed Connect Scan at 23:11, 19.21s elapsed (65535 total ports)
Initiating Service scan at 23:11
Scanning 2 services on 10.129.183.59
Completed Service scan at 23:12, 6.11s elapsed (2 services on 1 host)
NSE: Script scanning 10.129.183.59.
Initiating NSE at 23:12
Completed NSE at 23:12, 0.01s elapsed
Initiating NSE at 23:12
Completed NSE at 23:12, 0.00s elapsed
Nmap scan report for 10.129.183.59
Host is up (0.053s latency).
Not shown: 65533 closed ports
PORT      STATE SERVICE VERSION
22/tcp    open  ssh     OpenSSH 8.2p1 Ubuntu 4ubuntu0.5 (Ubuntu Linux; protocol 2.0)
27017/tcp open  mongodb MongoDB 3.6.8
Service Info: OS: Linux; CPE: cpe:/o:linux:linux_kernel

Read data files from: /usr/bin/../share/nmap
Service detection performed. Please report any incorrect results at https://nmap.org/submit/ .
Nmap done: 1 IP address (1 host up) scanned in 25.99 seconds
           Raw packets sent: 4 (152B) | Rcvd: 1 (28B)

Task 1

How many TCP ports are open on the machine?

Found from the initial scan

Answer: 2

Task 2

Which service is running on port 27017 of the remote host?

Found from the initial scan

Answer: MongoDB 3.6.8

Task 3

What type of database is MongoDB? (Choose: SQL or NoSQL)

As they only give us 2 options and it's more than 3 characters long, BUT also a google search will show: "MongoDB is a source-available cross-platform document-oriented database program. Classified as a NoSQL database program, MongoDB uses JSON-like documents with optional schemas."

Answer: NoSQL

Task 4

What is the command name for the Mongo shell that is installed with the mongodb-clients package?

Google search and looking on their webpage reveal: "The mongo shell is included as part of the MongoDB server installation. If you have already installed the server, the mongo shell is installed to the same location as the server binary."

With this, lets connect to the mongo databse on the target machine

Answer: mongo

Task 5

What is the command used for listing all the databases present on the MongoDB server? (No need to include a trailing ;)

Another google search.

Answer: show dbs

Task 6

What is the command used for listing out the collections in a database? (No need to include a trailing ;)

Similar to last answer just with collections rather than databases.

We see the secsitive_information database, so let use that.

Answer: show collections

Task 7

What is the command used for dumping the content of all the documents within the collection named flag in a format that is easy to read?

Googling around says "Using the db.collection.find() command." So we know our collection is called flag, use the collection name flag instead of the word collection.

Answer: db.flag.find().pretty()

Task 8

Submit the root flag

From previous command/task

Answer: 1b6e6fb359e7c40241b6d431427ba6ea

Last updated 1 year ago

But this doesn't give us the full answer. After more googling around I found mentioning the pretty() function.

πŸ“¦
this blog post