Skip to content

27017 - Pentesting mongo

MongoDB is a NoSQL document-based database management system. It is designed for storing and processing large amounts of data, and it allows for flexible and scalable document structure. MongoDB uses a JSON-like format for storing data and provides drivers for many programming languages for easy integration with applications.

nmap

sudo nmap -p 27017 -sC -sV -Pn $IP

mongo client

mongo <HOST>
mongo <HOST>:<PORT>
mongo <HOST>:<PORT>/<DB>

mongo <database> -u <username> -p '<password>'

show dbs
use <db>
show collections
db.<collection>.find()  #Dump the collection
db.<collection>.count() #Number of records of the collection
db.current.find({"username":"admin"})  #Find in current db the username admin