Task
- How many TCP ports are open on the machine?
- 2
- Which service is running on port 27017 of the remote host?
- MongoDB 3.6.8
- What type of database is MongoDB? (Choose: SQL or NoSQL)
- NoSQL
- What command is used to launch the interactive MongoDB shell from the terminal?
- mongosh
- What is the command used for listing all the databases present on the MongoDB server? (No need to include a trailing ;)
- show dbs
- What is the command used for listing out the collections in a database? (No need to include a trailing ;)
- Show collections
- What command is used to dump the content of all the documents within the collection named flag?
- db.flag.find()
MongoDB
https://blog.e-zest.com/basic-commands-for-mongodb
- ./mongosh mongodb://{target_IP}:27017 → connect to the server
- show dbs
- use DATABASE_NAME
- show collections
- db.COLLECTION_NAME.find() → prints the values
Write Up
Run a port scan with `nmap -p- --min-rate 5000 -sV -Pn 10.129.13.246`.

You can connect to MongoDB with `mongosh {ip}:{port}`.
I checked the list of databases with `show dbs`, selected one with `use DB_NAME`, and looked through what it contained.

A flag collection exists, so read it with `db.flag.find()`.
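
The steps above need no credentials, which is what a mongod listening on a network address without access control allows. The following is an added example (not part of the original write-up) that checks a `mongod.conf` for that combination using the real `net.bindIp`, `net.bindIpAll` and `security.authorization` settings; the function names and both sample configs are constructed for illustration.

```javascript
// Added example: audit a mongod.conf (simple two-level YAML) for unauthenticated exposure.
function parseMongodConf(text) {
  const cfg = {};
  let section = null;
  for (const raw of text.split('\n')) {
    const line = raw.replace(/(^|\s)#.*$/, '').trimEnd(); // drop comments
    const m = line.match(/^(\s*)(\w+):\s*(.*)$/);
    if (!m) continue;
    const [, indent, key, value] = m;
    if (indent === '' && value === '') { section = key; cfg[key] = cfg[key] || {}; }
    else if (indent !== '' && section) cfg[section][key] = value.replace(/^["']|["']$/g, '');
  }
  return cfg;
}

const LOOPBACK = new Set(['127.0.0.1', 'localhost', '::1']);

function auditMongodConf(text) {
  const { net = {}, security = {} } = parseMongodConf(text);
  // mongod 3.6+ listens on localhost only unless bindIp/bindIpAll widens it.
  const binds = net.bindIpAll === 'true' ? ['0.0.0.0']
    : (net.bindIp || 'localhost').split(',').map((s) => s.trim());
  const remote = binds.filter((b) => !LOOPBACK.has(b) && !b.startsWith('/'));
  const authOn = security.authorization === 'enabled';
  const findings = [];
  if (!authOn) findings.push('security.authorization is not enabled');
  if (remote.length) findings.push(`listens on non-loopback: ${remote.join(', ')}`);
  // Exposed = reachable from other hosts AND no access control.
  return { port: Number(net.port || 27017), remote, authOn, exposed: remote.length > 0 && !authOn, findings };
}

// Constructed sample configs (not taken from the target machine).
const WEAK_CONF = `
net:
  port: 27017
  bindIp: 0.0.0.0   # reachable from the network
`;
const HARDENED_CONF = `
net:
  port: 27017
  bindIp: 127.0.0.1
security:
  authorization: enabled
`;

console.log(auditMongodConf(WEAK_CONF));
console.log(auditMongodConf(HARDENED_CONF));
```

With `authorization: enabled`, the server still needs a user created before clients can authenticate, so the audit only covers the configuration side.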
