Hack the Box – Mongod

# Information:

Platform Name: Hack the Box

Machine Challenge: Mongod

Machine Status: Starting Point

Challenge Level: Very Easy

# Used Tools:

  • Linux
  • nmap
  • mongo
  • terminal

# Challenge Description:

This challenge has a list of questions that need to be answered in order to retrieve the flag. We will answer every question.

# Writeup:

Task 1:

How many TCP ports are open on the machine?

Answer: The answer is 2.

I performed an nmap scan as you can see in image 1, the ports that are opened are: 22 and 27017.

Image 1

The switch -p- scans all the ports on the localhost.


Task 2:

Which service is running on port 27017 of the remote host?

Answer: The service running on port 27017 is MongoDB 3.6.8.

To know this I performed an nmap scan but this time I specified the port and I used the switch -sV that tells the service/version info. So I used the following command:

sudo nmap -sV -p 27017 <your_IP_here>

You can see the output in image 2.

Image 2

Task 3:

What type of database is MongoDB? (Choose: SQL or NoSQL)

Answer: The answer is NoSQL.

NoSQL means Not only SQL, (Gillis, A., & Botelho, B., 2023)ยน.


Task 4:

What is the command name for the Mongo shell that is installed with the mongodb-clients package?

Answer: The command is mongo.

After knowing the command, I used it to connect to mongo database. You can see this in image 3.

Image 3

Task 5:

What is the command used for listing all the databases present on the MongoDB server? (No need to include a trailing ; )

Answer: After a quick search on google I saw that the command used to list all the databases on MongoDB server was show dbs.

After using this command, The dbs that where listed where the following that you can see on image 4.

Image 4

So, in image 4 we have all the databases that are present in MongoDb server, and you can try to see what collections are inside of each one. To know how to do that I entered the command help and I was presented with the following:

Image 5

As you can see, in image 5, to set a current database you just need to enter the following command:

use <name_of_database_that_you_want_to_set_as_your_current_db_here>

In our case, the one that it’s of our interest is the “sensitive_information” db. So, I changed to “sensitive_information” (You can see this in image 6).

Image 6

Task 6:

What is the command used for listing out the collections in a database? (No need to include a trailing ; )

Answer: The command is show collections.

In image 5 you can see a lot of commands that are essential to navigate trough dbs and collections and you can see that the command that will list all the collections inside of “sensitive_information” db is “show collections”.

I entered this command and the output was the following:

Image 7

And here it is our flag.


Task 7:

What is the command used for dumping the content of all the documents within the collection named flag in a format that is easy to read?

Answer: The command is db.flag.find().pretty().

To see the flag and see it in a format that was easy to read I had to do a little bit of researching. So, I entered (once again) the command help to help me with this matter (you can go to image 5 and see the commands that I was present with). And because I wanted help with the commands that I could use in my collections,  I entered the command:

db.mycoll.help()

Note: In the command above, you should replace “mycoll” with the name of the collection you want to see the information of.


The command above helps with the collections methods. In other words, helps with the commands that we can use on our collection, and on our case tells us what command can we use to see the contents of collection flag. So, after I entered the command above, I was presented with the following:

Image 8

As you can see it’s a lot of commands and the list goes on. But with this command I couldn’t find the command that displays the flag in a format that is easy to read. But I did find that there’s a command that can help me with that, and that command is:

db.flag.find().help()

And the output was the following:

Image 9

So, as you can see in image 9, the rest of the command that would display the flag in a format that was easy or “pretty” to read was: pretty().

The complete command would be:

db.flag.find().pretty()

Submit flag:

And the contents of the flag collection where the following:

Image 10

The flag is:

Show flag
1b6e6fb359e7c40241b6d431427ba6ea


Bibliography:

  • ยนGillis, A., & Botelho, B. (2023). MongoDB. Accessed in January, 2024, on: https://www.techtarget.com/searchdatamanagement/definition/MongoDB

Thank you very much for reading!

Cheers,

SoBatista


Leave a Reply

Your email address will not be published. Required fields are marked *