HackTheBox - Starting Point -- Tier 0 --- Mongod
文章目录
- 一 题目
- 二 实验过程
一 题目
Tags
MongoDB、Web、Databases、Reconnaissance、Misconfiguration、Anonymous/Guest Access
译文:MongoDB、网络、数据库、侦察、配置错误、匿名/访客访问
Connect
To attack the target machine, you must be on the same network.Connect to the Starting Point VPN using one of the following options.
It may take a minute for HTB to recognize your connection.If you don't see an update after 2-3 minutes, refresh the page.
译文:要攻击目标机器,您必须位于同一网络上。使用以下选项之一连接到起点 VPN。
HTB 可能需要一分钟才能识别您的连接。如果 2-3 分钟后没有看到更新,请刷新页面。
SPAWN MACHINE
Spawn the target machine and the IP will show here.
译文:生成目标机器,IP 将显示在此处
TASK 1
How many TCP ports are open on the machine?
译文:服务器上开放了多少个端口?
答:2
TASK 2
Which service is running on port 27017 of the remote host?
译文:27017端口上运行的什么服务?
答:mongodb 3.6.8
TASK 3
What type of database is MongoDB? (Choose: SQL or NoSQL)
译文:MongoDB是哪种类型的数据库?
答:NoSQL
TASK 4
What is the command name for the Mongo shell that is installed with the mongodb-clients package?
译文:与 mongodb-clients 包一起安装的 Mongo shell 的命令名称是什么?
答:mongo
TASK 5
What is the command used for listing all the databases present on the MongoDB server? (No need to include a trailing ;)
译文:用于列出 MongoDB 服务器上所有数据库的命令是什么?(不需要包含 ;)
答:show dbs
TASK 6
What is the command used for listing out the collections in a database? (No need to include a trailing ;)
译文:用于列出数据库中的集合的命令是什么?(不需要包含 ;)
答:show collections
TASK 7
What is the command used for dumping the content of all the documents within the collection named flag in a format that is easy to read?
译文:用于以易于阅读的格式存储名为 flag 的集合中的所有文档内容的命令是什么?
答:db.flag.find().pretty()
SUBMIT FLAG
Submit root flag
译文:提交根标志
二 实验过程
靶机ip地址:10.129.228.30
1.端口扫描
nmap -p- --min-rate=100 -sV 10.129.228.30
2.连接mongodb数据库,这里使用Navicat工具尝试进行匿名连接
3.连接成功,查找flag
