MongoDB

Checking for the MongoDB instance after gaining a foothold The presence of a MongoDB instance was initially suspected due to the target web application being vulnerable to a NoSQL injection after gaining a foothold, i found out that there is an active socket listening on the 127.0.0.1:27017, which gave away the idea because MongoDB listens on the port 23017 by default. At a later stage, PEAS picked up the configuration file that contained more information regarding the instance

mango@mango:/var/www$ ll staging
total 308
drwxr-xr-x 3 root root   4096 Sep 27  2019 ./
drwxr-xr-x 5 root root   4096 Sep 27  2019 ../
-rw-r--r-- 1 root root   3493 Sep 27  2019 home.php
-rw-r--r-- 1 root root   4374 Sep 27  2019 index.php
-rw-r--r-- 1 root root 288453 May 14  2018 mango.jpg
drwxr-xr-x 5 root root   4096 Sep 27  2019 vendor/

Checking the webroot directory of the staging-order.mango.htb host shows the index.php file, which handles the authentication

mango@mango:/var/www$ cat staging/index.php
<?php
require 'vendor/autoload.php'; 
session_start();
$client = new mongodb\client("mongodb://localhost:27017");
$collection = $client->mango->users;
$user = $collection->find(array("username"=>$_POST['username'],"password"=>$_POST['password']));
foreach($user as $obj)
{
	$_SESSION['username'] = $obj['username'];
	header('location: home.php');
}
?>
 
[...REDACTED...]

Checking into the file reveals the DB connection string and it doesn’t supply any credential I guess that there is somewhat of a “trust” relationship since the instance is running on the loopback address

mango@mango:/var/www$ mongo
MongoDB shell version v4.0.12
connecting to: mongodb://127.0.0.1:27017/?gssapiServiceName=mongodb
implicit session: session { "id" : UUID("b42087db-f2c7-4f41-8373-74ad2b1711ca") }
mongodb server version: 4.0.12
Welcome to the MongoDB shell.
For interactive help, type "help".
For more comprehensive documentation, see
	http://docs.mongodb.org/
Questions? Try the support group
	http://groups.google.com/group/mongodb-user
server has startup warnings: 
2023-09-28t13:23:49.141+0000 I STORAGE  [initandlisten] 
2023-09-28t13:23:49.141+0000 I STORAGE  [initandlisten] ** WARNING: Using the XFS filesystem is strongly recommended with the WiredTiger storage engine
2023-09-28t13:23:49.141+0000 I STORAGE  [initandlisten] **          See http://dochub.mongodb.org/core/prodnotes-filesystem
2023-09-28t13:23:52.819+0000 I CONTROL  [initandlisten] 
2023-09-28t13:23:52.819+0000 I CONTROL  [initandlisten] ** WARNING: Access control is not enabled for the database.
2023-09-28t13:23:52.819+0000 I CONTROL  [initandlisten] **          Read and write access to data and configuration is unrestricted.
2023-09-28t13:23:52.819+0000 I CONTROL  [initandlisten] 
---
Enable MongoDB's free cloud-based monitoring service, which will then receive and display
metrics about your deployment (disk utilization, CPU, operation statistics, etc).
 
The monitoring data will be available on a MongoDB website with a unique URL accessible to you
and anyone you share the URL with. MongoDB may use this information to make product
improvements and to suggest MongoDB products and deployment options to you.
 
To enable free monitoring, run the following command: db.enableFreeMonitoring()
To permanently disable this reminder, run the following command: db.disableFreeMonitoring()
---
 
>

so i logged in to the instance using the installed command line tool; mongo

> show dbs
admin   0.000GB
config  0.000GB
local   0.000GB
mango   0.000GB

There are 4 databases

> use admin
switched to db admin
> show collections
system.version
> db.system.version.find()
{ "_id" : "featureCompatibilityVersion", "version" : "4.0" }
> use config
switched to db config
> show collections
system.sessions
> db.system.sessions.find()

Both admin and config DBs don’t have much going on

> use local
switched to db local
> show collections
startup_log
> db.startup_log.find()
{ "_id" : "mango-1569596350700", "hostname" : "mango", "startTime" : ISODate("2019-09-27T14:59:10Z"), "startTimeLocal" : "Fri Sep 27 14:59:10.700", "cmdLine" : { "config" : "/etc/mongod.conf", "net" : { "bindIp" : "127.0.0.1", "port" : 27017 }, "processManagement" : { "timeZoneInfo" : "/usr/share/zoneinfo" }, "storage" : { "dbPath" : "/var/lib/mongodb", "journal" : { "enabled" : true } }, "systemLog" : { "destination" : "file", "logAppend" : true, "path" : "/var/log/mongodb/mongod.log" } }, "pid" : NumberLong(13628), "buildinfo" : { "version" : "4.0.12", "gitVersion" : "5776e3cbf9e7afe86e6b29e22520ffb6766e95d4", "modules" : [ ], "allocator" : "tcmalloc", "javascriptEngine" : "mozjs", "sysInfo" : "deprecated", "versionArray" : [ 4, 0, 12, 0 ], "openssl" : { "running" : "OpenSSL 1.1.0g  2 Nov 2017", "compiled" : "OpenSSL 1.1.1  11 Sep 2018" }, "buildEnvironment" : { "distmod" : "ubuntu1804", "distarch" : "x86_64", "cc" : "/opt/mongodbtoolchain/v2/bin/gcc: gcc (GCC) 5.4.0", "ccflags" : "-fno-omit-frame-pointer -fno-strict-aliasing -ggdb -pthread -Wall -Wsign-compare -Wno-unknown-pragmas -Winvalid-pch -Werror -O2 -Wno-unused-local-typedefs -Wno-unused-function -Wno-deprecated-declarations -Wno-unused-but-set-variable -Wno-missing-braces -fstack-protector-strong -fno-builtin-memcmp", "cxx" : "/opt/mongodbtoolchain/v2/bin/g++: g++ (GCC) 5.4.0", "cxxflags" : "-Woverloaded-virtual -Wno-maybe-uninitialized -std=c++14", "linkflags" : "-pthread -Wl,-z,now -rdynamic -Wl,--fatal-warnings -fstack-protector-strong -fuse-ld=gold -Wl,--build-id -Wl,--hash-style=gnu -Wl,-z,noexecstack -Wl,--warn-execstack -Wl,-z,relro", "target_arch" : "x86_64", "target_os" : "linux" }, "bits" : 64, "debug" : false, "maxBsonObjectSize" : 16777216, "storageEngines" : [ "devnull", "ephemeralForTest", "mmapv1", "wiredTiger" ] } }
{ "_id" : "mango-1569601959627", "hostname" : "mango", "startTime" : ISODate("2019-09-27T16:32:39Z"), "startTimeLocal" : "Fri Sep 27 16:32:39.627", "cmdLine" : { "config" : "/etc/mongod.conf", "net" : { "bindIp" : "127.0.0.1", "port" : 27017 }, "processManagement" : { "timeZoneInfo" : "/usr/share/zoneinfo" }, "storage" : { "dbPath" : "/var/lib/mongodb", "journal" : { "enabled" : true } }, "systemLog" : { "destination" : "file", "logAppend" : true, "path" : "/var/log/mongodb/mongod.log" } }, "pid" : NumberLong(897), "buildinfo" : { "version" : "4.0.12", "gitVersion" : "5776e3cbf9e7afe86e6b29e22520ffb6766e95d4", "modules" : [ ], "allocator" : "tcmalloc", "javascriptEngine" : "mozjs", "sysInfo" : "deprecated", "versionArray" : [ 4, 0, 12, 0 ], "openssl" : { "running" : "OpenSSL 1.1.0g  2 Nov 2017", "compiled" : "OpenSSL 1.1.1  11 Sep 2018" }, "buildEnvironment" : { "distmod" : "ubuntu1804", "distarch" : "x86_64", "cc" : "/opt/mongodbtoolchain/v2/bin/gcc: gcc (GCC) 5.4.0", "ccflags" : "-fno-omit-frame-pointer -fno-strict-aliasing -ggdb -pthread -Wall -Wsign-compare -Wno-unknown-pragmas -Winvalid-pch -Werror -O2 -Wno-unused-local-typedefs -Wno-unused-function -Wno-deprecated-declarations -Wno-unused-but-set-variable -Wno-missing-braces -fstack-protector-strong -fno-builtin-memcmp", "cxx" : "/opt/mongodbtoolchain/v2/bin/g++: g++ (GCC) 5.4.0", "cxxflags" : "-Woverloaded-virtual -Wno-maybe-uninitialized -std=c++14", "linkflags" : "-pthread -Wl,-z,now -rdynamic -Wl,--fatal-warnings -fstack-protector-strong -fuse-ld=gold -Wl,--build-id -Wl,--hash-style=gnu -Wl,-z,noexecstack -Wl,--warn-execstack -Wl,-z,relro", "target_arch" : "x86_64", "target_os" : "linux" }, "bits" : 64, "debug" : false, "maxBsonObjectSize" : 16777216, "storageEngines" : [ "devnull", "ephemeralForTest", "mmapv1", "wiredTiger" ] } }
{ "_id" : "mango-1569602607988", "hostname" : "mango", "startTime" : ISODate("2019-09-27T16:43:27Z"), "startTimeLocal" : "Fri Sep 27 16:43:27.988", "cmdLine" : { "config" : "/etc/mongod.conf", "net" : { "bindIp" : "127.0.0.1", "port" : 27017 }, "processManagement" : { "timeZoneInfo" : "/usr/share/zoneinfo" }, "storage" : { "dbPath" : "/var/lib/mongodb", "journal" : { "enabled" : true } }, "systemLog" : { "destination" : "file", "logAppend" : true, "path" : "/var/log/mongodb/mongod.log" } }, "pid" : NumberLong(883), "buildinfo" : { "version" : "4.0.12", "gitVersion" : "5776e3cbf9e7afe86e6b29e22520ffb6766e95d4", "modules" : [ ], "allocator" : "tcmalloc", "javascriptEngine" : "mozjs", "sysInfo" : "deprecated", "versionArray" : [ 4, 0, 12, 0 ], "openssl" : { "running" : "OpenSSL 1.1.0g  2 Nov 2017", "compiled" : "OpenSSL 1.1.1  11 Sep 2018" }, "buildEnvironment" : { "distmod" : "ubuntu1804", "distarch" : "x86_64", "cc" : "/opt/mongodbtoolchain/v2/bin/gcc: gcc (GCC) 5.4.0", "ccflags" : "-fno-omit-frame-pointer -fno-strict-aliasing -ggdb -pthread -Wall -Wsign-compare -Wno-unknown-pragmas -Winvalid-pch -Werror -O2 -Wno-unused-local-typedefs -Wno-unused-function -Wno-deprecated-declarations -Wno-unused-but-set-variable -Wno-missing-braces -fstack-protector-strong -fno-builtin-memcmp", "cxx" : "/opt/mongodbtoolchain/v2/bin/g++: g++ (GCC) 5.4.0", "cxxflags" : "-Woverloaded-virtual -Wno-maybe-uninitialized -std=c++14", "linkflags" : "-pthread -Wl,-z,now -rdynamic -Wl,--fatal-warnings -fstack-protector-strong -fuse-ld=gold -Wl,--build-id -Wl,--hash-style=gnu -Wl,-z,noexecstack -Wl,--warn-execstack -Wl,-z,relro", "target_arch" : "x86_64", "target_os" : "linux" }, "bits" : 64, "debug" : false, "maxBsonObjectSize" : 16777216, "storageEngines" : [ "devnull", "ephemeralForTest", "mmapv1", "wiredTiger" ] } }
{ "_id" : "mango-1569643700565", "hostname" : "mango", "startTime" : ISODate("2019-09-28T04:08:20Z"), "startTimeLocal" : "Sat Sep 28 04:08:20.565", "cmdLine" : { "config" : "/etc/mongod.conf", "net" : { "bindIp" : "127.0.0.1", "port" : 27017 }, "processManagement" : { "timeZoneInfo" : "/usr/share/zoneinfo" }, "storage" : { "dbPath" : "/var/lib/mongodb", "journal" : { "enabled" : true } }, "systemLog" : { "destination" : "file", "logAppend" : true, "path" : "/var/log/mongodb/mongod.log" } }, "pid" : NumberLong(987), "buildinfo" : { "version" : "4.0.12", "gitVersion" : "5776e3cbf9e7afe86e6b29e22520ffb6766e95d4", "modules" : [ ], "allocator" : "tcmalloc", "javascriptEngine" : "mozjs", "sysInfo" : "deprecated", "versionArray" : [ 4, 0, 12, 0 ], "openssl" : { "running" : "OpenSSL 1.1.0g  2 Nov 2017", "compiled" : "OpenSSL 1.1.1  11 Sep 2018" }, "buildEnvironment" : { "distmod" : "ubuntu1804", "distarch" : "x86_64", "cc" : "/opt/mongodbtoolchain/v2/bin/gcc: gcc (GCC) 5.4.0", "ccflags" : "-fno-omit-frame-pointer -fno-strict-aliasing -ggdb -pthread -Wall -Wsign-compare -Wno-unknown-pragmas -Winvalid-pch -Werror -O2 -Wno-unused-local-typedefs -Wno-unused-function -Wno-deprecated-declarations -Wno-unused-but-set-variable -Wno-missing-braces -fstack-protector-strong -fno-builtin-memcmp", "cxx" : "/opt/mongodbtoolchain/v2/bin/g++: g++ (GCC) 5.4.0", "cxxflags" : "-Woverloaded-virtual -Wno-maybe-uninitialized -std=c++14", "linkflags" : "-pthread -Wl,-z,now -rdynamic -Wl,--fatal-warnings -fstack-protector-strong -fuse-ld=gold -Wl,--build-id -Wl,--hash-style=gnu -Wl,-z,noexecstack -Wl,--warn-execstack -Wl,-z,relro", "target_arch" : "x86_64", "target_os" : "linux" }, "bits" : 64, "debug" : false, "maxBsonObjectSize" : 16777216, "storageEngines" : [ "devnull", "ephemeralForTest", "mmapv1", "wiredTiger" ] } }
{ "_id" : "mango-1569681856151", "hostname" : "mango", "startTime" : ISODate("2019-09-28T14:44:16Z"), "startTimeLocal" : "Sat Sep 28 14:44:16.151", "cmdLine" : { "config" : "/etc/mongod.conf", "net" : { "bindIp" : "127.0.0.1", "port" : 27017 }, "processManagement" : { "timeZoneInfo" : "/usr/share/zoneinfo" }, "storage" : { "dbPath" : "/var/lib/mongodb", "journal" : { "enabled" : true } }, "systemLog" : { "destination" : "file", "logAppend" : true, "path" : "/var/log/mongodb/mongod.log" } }, "pid" : NumberLong(905), "buildinfo" : { "version" : "4.0.12", "gitVersion" : "5776e3cbf9e7afe86e6b29e22520ffb6766e95d4", "modules" : [ ], "allocator" : "tcmalloc", "javascriptEngine" : "mozjs", "sysInfo" : "deprecated", "versionArray" : [ 4, 0, 12, 0 ], "openssl" : { "running" : "OpenSSL 1.1.1  11 Sep 2018", "compiled" : "OpenSSL 1.1.1  11 Sep 2018" }, "buildEnvironment" : { "distmod" : "ubuntu1804", "distarch" : "x86_64", "cc" : "/opt/mongodbtoolchain/v2/bin/gcc: gcc (GCC) 5.4.0", "ccflags" : "-fno-omit-frame-pointer -fno-strict-aliasing -ggdb -pthread -Wall -Wsign-compare -Wno-unknown-pragmas -Winvalid-pch -Werror -O2 -Wno-unused-local-typedefs -Wno-unused-function -Wno-deprecated-declarations -Wno-unused-but-set-variable -Wno-missing-braces -fstack-protector-strong -fno-builtin-memcmp", "cxx" : "/opt/mongodbtoolchain/v2/bin/g++: g++ (GCC) 5.4.0", "cxxflags" : "-Woverloaded-virtual -Wno-maybe-uninitialized -std=c++14", "linkflags" : "-pthread -Wl,-z,now -rdynamic -Wl,--fatal-warnings -fstack-protector-strong -fuse-ld=gold -Wl,--build-id -Wl,--hash-style=gnu -Wl,-z,noexecstack -Wl,--warn-execstack -Wl,-z,relro", "target_arch" : "x86_64", "target_os" : "linux" }, "bits" : 64, "debug" : false, "maxBsonObjectSize" : 16777216, "storageEngines" : [ "devnull", "ephemeralForTest", "mmapv1", "wiredTiger" ] } }
{ "_id" : "mango-1569684132761", "hostname" : "mango", "startTime" : ISODate("2019-09-28T15:22:12Z"), "startTimeLocal" : "Sat Sep 28 15:22:12.761", "cmdLine" : { "config" : "/etc/mongod.conf", "net" : { "bindIp" : "127.0.0.1", "port" : 27017 }, "processManagement" : { "timeZoneInfo" : "/usr/share/zoneinfo" }, "storage" : { "dbPath" : "/var/lib/mongodb", "journal" : { "enabled" : true } }, "systemLog" : { "destination" : "file", "logAppend" : true, "path" : "/var/log/mongodb/mongod.log" } }, "pid" : NumberLong(908), "buildinfo" : { "version" : "4.0.12", "gitVersion" : "5776e3cbf9e7afe86e6b29e22520ffb6766e95d4", "modules" : [ ], "allocator" : "tcmalloc", "javascriptEngine" : "mozjs", "sysInfo" : "deprecated", "versionArray" : [ 4, 0, 12, 0 ], "openssl" : { "running" : "OpenSSL 1.1.1  11 Sep 2018", "compiled" : "OpenSSL 1.1.1  11 Sep 2018" }, "buildEnvironment" : { "distmod" : "ubuntu1804", "distarch" : "x86_64", "cc" : "/opt/mongodbtoolchain/v2/bin/gcc: gcc (GCC) 5.4.0", "ccflags" : "-fno-omit-frame-pointer -fno-strict-aliasing -ggdb -pthread -Wall -Wsign-compare -Wno-unknown-pragmas -Winvalid-pch -Werror -O2 -Wno-unused-local-typedefs -Wno-unused-function -Wno-deprecated-declarations -Wno-unused-but-set-variable -Wno-missing-braces -fstack-protector-strong -fno-builtin-memcmp", "cxx" : "/opt/mongodbtoolchain/v2/bin/g++: g++ (GCC) 5.4.0", "cxxflags" : "-Woverloaded-virtual -Wno-maybe-uninitialized -std=c++14", "linkflags" : "-pthread -Wl,-z,now -rdynamic -Wl,--fatal-warnings -fstack-protector-strong -fuse-ld=gold -Wl,--build-id -Wl,--hash-style=gnu -Wl,-z,noexecstack -Wl,--warn-execstack -Wl,-z,relro", "target_arch" : "x86_64", "target_os" : "linux" }, "bits" : 64, "debug" : false, "maxBsonObjectSize" : 16777216, "storageEngines" : [ "devnull", "ephemeralForTest", "mmapv1", "wiredTiger" ] } }
{ "_id" : "mango-1569684857895", "hostname" : "mango", "startTime" : ISODate("2019-09-28T15:34:17Z"), "startTimeLocal" : "Sat Sep 28 15:34:17.895", "cmdLine" : { "config" : "/etc/mongod.conf", "net" : { "bindIp" : "127.0.0.1", "port" : 27017 }, "processManagement" : { "timeZoneInfo" : "/usr/share/zoneinfo" }, "storage" : { "dbPath" : "/var/lib/mongodb", "journal" : { "enabled" : true } }, "systemLog" : { "destination" : "file", "logAppend" : true, "path" : "/var/log/mongodb/mongod.log" } }, "pid" : NumberLong(895), "buildinfo" : { "version" : "4.0.12", "gitVersion" : "5776e3cbf9e7afe86e6b29e22520ffb6766e95d4", "modules" : [ ], "allocator" : "tcmalloc", "javascriptEngine" : "mozjs", "sysInfo" : "deprecated", "versionArray" : [ 4, 0, 12, 0 ], "openssl" : { "running" : "OpenSSL 1.1.1  11 Sep 2018", "compiled" : "OpenSSL 1.1.1  11 Sep 2018" }, "buildEnvironment" : { "distmod" : "ubuntu1804", "distarch" : "x86_64", "cc" : "/opt/mongodbtoolchain/v2/bin/gcc: gcc (GCC) 5.4.0", "ccflags" : "-fno-omit-frame-pointer -fno-strict-aliasing -ggdb -pthread -Wall -Wsign-compare -Wno-unknown-pragmas -Winvalid-pch -Werror -O2 -Wno-unused-local-typedefs -Wno-unused-function -Wno-deprecated-declarations -Wno-unused-but-set-variable -Wno-missing-braces -fstack-protector-strong -fno-builtin-memcmp", "cxx" : "/opt/mongodbtoolchain/v2/bin/g++: g++ (GCC) 5.4.0", "cxxflags" : "-Woverloaded-virtual -Wno-maybe-uninitialized -std=c++14", "linkflags" : "-pthread -Wl,-z,now -rdynamic -Wl,--fatal-warnings -fstack-protector-strong -fuse-ld=gold -Wl,--build-id -Wl,--hash-style=gnu -Wl,-z,noexecstack -Wl,--warn-execstack -Wl,-z,relro", "target_arch" : "x86_64", "target_os" : "linux" }, "bits" : 64, "debug" : false, "maxBsonObjectSize" : 16777216, "storageEngines" : [ "devnull", "ephemeralForTest", "mmapv1", "wiredTiger" ] } }
{ "_id" : "mango-1569811967411", "hostname" : "mango", "startTime" : ISODate("2019-09-30T02:52:47Z"), "startTimeLocal" : "Mon Sep 30 02:52:47.411", "cmdLine" : { "config" : "/etc/mongod.conf", "net" : { "bindIp" : "127.0.0.1", "port" : 27017 }, "processManagement" : { "timeZoneInfo" : "/usr/share/zoneinfo" }, "storage" : { "dbPath" : "/var/lib/mongodb", "journal" : { "enabled" : true } }, "systemLog" : { "destination" : "file", "logAppend" : true, "path" : "/var/log/mongodb/mongod.log" } }, "pid" : NumberLong(942), "buildinfo" : { "version" : "4.0.12", "gitVersion" : "5776e3cbf9e7afe86e6b29e22520ffb6766e95d4", "modules" : [ ], "allocator" : "tcmalloc", "javascriptEngine" : "mozjs", "sysInfo" : "deprecated", "versionArray" : [ 4, 0, 12, 0 ], "openssl" : { "running" : "OpenSSL 1.1.1  11 Sep 2018", "compiled" : "OpenSSL 1.1.1  11 Sep 2018" }, "buildEnvironment" : { "distmod" : "ubuntu1804", "distarch" : "x86_64", "cc" : "/opt/mongodbtoolchain/v2/bin/gcc: gcc (GCC) 5.4.0", "ccflags" : "-fno-omit-frame-pointer -fno-strict-aliasing -ggdb -pthread -Wall -Wsign-compare -Wno-unknown-pragmas -Winvalid-pch -Werror -O2 -Wno-unused-local-typedefs -Wno-unused-function -Wno-deprecated-declarations -Wno-unused-but-set-variable -Wno-missing-braces -fstack-protector-strong -fno-builtin-memcmp", "cxx" : "/opt/mongodbtoolchain/v2/bin/g++: g++ (GCC) 5.4.0", "cxxflags" : "-Woverloaded-virtual -Wno-maybe-uninitialized -std=c++14", "linkflags" : "-pthread -Wl,-z,now -rdynamic -Wl,--fatal-warnings -fstack-protector-strong -fuse-ld=gold -Wl,--build-id -Wl,--hash-style=gnu -Wl,-z,noexecstack -Wl,--warn-execstack -Wl,-z,relro", "target_arch" : "x86_64", "target_os" : "linux" }, "bits" : 64, "debug" : false, "maxBsonObjectSize" : 16777216, "storageEngines" : [ "devnull", "ephemeralForTest", "mmapv1", "wiredTiger" ] } }
{ "_id" : "mango-1569813348719", "hostname" : "mango", "startTime" : ISODate("2019-09-30T03:15:48Z"), "startTimeLocal" : "Mon Sep 30 03:15:48.719", "cmdLine" : { "config" : "/etc/mongod.conf", "net" : { "bindIp" : "127.0.0.1", "port" : 27017 }, "processManagement" : { "timeZoneInfo" : "/usr/share/zoneinfo" }, "storage" : { "dbPath" : "/var/lib/mongodb", "journal" : { "enabled" : true } }, "systemLog" : { "destination" : "file", "logAppend" : true, "path" : "/var/log/mongodb/mongod.log" } }, "pid" : NumberLong(907), "buildinfo" : { "version" : "4.0.12", "gitVersion" : "5776e3cbf9e7afe86e6b29e22520ffb6766e95d4", "modules" : [ ], "allocator" : "tcmalloc", "javascriptEngine" : "mozjs", "sysInfo" : "deprecated", "versionArray" : [ 4, 0, 12, 0 ], "openssl" : { "running" : "OpenSSL 1.1.1  11 Sep 2018", "compiled" : "OpenSSL 1.1.1  11 Sep 2018" }, "buildEnvironment" : { "distmod" : "ubuntu1804", "distarch" : "x86_64", "cc" : "/opt/mongodbtoolchain/v2/bin/gcc: gcc (GCC) 5.4.0", "ccflags" : "-fno-omit-frame-pointer -fno-strict-aliasing -ggdb -pthread -Wall -Wsign-compare -Wno-unknown-pragmas -Winvalid-pch -Werror -O2 -Wno-unused-local-typedefs -Wno-unused-function -Wno-deprecated-declarations -Wno-unused-but-set-variable -Wno-missing-braces -fstack-protector-strong -fno-builtin-memcmp", "cxx" : "/opt/mongodbtoolchain/v2/bin/g++: g++ (GCC) 5.4.0", "cxxflags" : "-Woverloaded-virtual -Wno-maybe-uninitialized -std=c++14", "linkflags" : "-pthread -Wl,-z,now -rdynamic -Wl,--fatal-warnings -fstack-protector-strong -fuse-ld=gold -Wl,--build-id -Wl,--hash-style=gnu -Wl,-z,noexecstack -Wl,--warn-execstack -Wl,-z,relro", "target_arch" : "x86_64", "target_os" : "linux" }, "bits" : 64, "debug" : false, "maxBsonObjectSize" : 16777216, "storageEngines" : [ "devnull", "ephemeralForTest", "mmapv1", "wiredTiger" ] } }
{ "_id" : "mango-1570695765236", "hostname" : "mango", "startTime" : ISODate("2019-10-10T08:22:45Z"), "startTimeLocal" : "Thu Oct 10 08:22:45.236", "cmdLine" : { "config" : "/etc/mongod.conf", "net" : { "bindIp" : "127.0.0.1", "port" : 27017 }, "processManagement" : { "timeZoneInfo" : "/usr/share/zoneinfo" }, "storage" : { "dbPath" : "/var/lib/mongodb", "journal" : { "enabled" : true } }, "systemLog" : { "destination" : "file", "logAppend" : true, "path" : "/var/log/mongodb/mongod.log" } }, "pid" : NumberLong(856), "buildinfo" : { "version" : "4.0.12", "gitVersion" : "5776e3cbf9e7afe86e6b29e22520ffb6766e95d4", "modules" : [ ], "allocator" : "tcmalloc", "javascriptEngine" : "mozjs", "sysInfo" : "deprecated", "versionArray" : [ 4, 0, 12, 0 ], "openssl" : { "running" : "OpenSSL 1.1.1  11 Sep 2018", "compiled" : "OpenSSL 1.1.1  11 Sep 2018" }, "buildEnvironment" : { "distmod" : "ubuntu1804", "distarch" : "x86_64", "cc" : "/opt/mongodbtoolchain/v2/bin/gcc: gcc (GCC) 5.4.0", "ccflags" : "-fno-omit-frame-pointer -fno-strict-aliasing -ggdb -pthread -Wall -Wsign-compare -Wno-unknown-pragmas -Winvalid-pch -Werror -O2 -Wno-unused-local-typedefs -Wno-unused-function -Wno-deprecated-declarations -Wno-unused-but-set-variable -Wno-missing-braces -fstack-protector-strong -fno-builtin-memcmp", "cxx" : "/opt/mongodbtoolchain/v2/bin/g++: g++ (GCC) 5.4.0", "cxxflags" : "-Woverloaded-virtual -Wno-maybe-uninitialized -std=c++14", "linkflags" : "-pthread -Wl,-z,now -rdynamic -Wl,--fatal-warnings -fstack-protector-strong -fuse-ld=gold -Wl,--build-id -Wl,--hash-style=gnu -Wl,-z,noexecstack -Wl,--warn-execstack -Wl,-z,relro", "target_arch" : "x86_64", "target_os" : "linux" }, "bits" : 64, "debug" : false, "maxBsonObjectSize" : 16777216, "storageEngines" : [ "devnull", "ephemeralForTest", "mmapv1", "wiredTiger" ] } }
{ "_id" : "mango-1570696385178", "hostname" : "mango", "startTime" : ISODate("2019-10-10T08:33:05Z"), "startTimeLocal" : "Thu Oct 10 08:33:05.178", "cmdLine" : { "config" : "/etc/mongod.conf", "net" : { "bindIp" : "127.0.0.1", "port" : 27017 }, "processManagement" : { "timeZoneInfo" : "/usr/share/zoneinfo" }, "storage" : { "dbPath" : "/var/lib/mongodb", "journal" : { "enabled" : true } }, "systemLog" : { "destination" : "file", "logAppend" : true, "path" : "/var/log/mongodb/mongod.log" } }, "pid" : NumberLong(900), "buildinfo" : { "version" : "4.0.12", "gitVersion" : "5776e3cbf9e7afe86e6b29e22520ffb6766e95d4", "modules" : [ ], "allocator" : "tcmalloc", "javascriptEngine" : "mozjs", "sysInfo" : "deprecated", "versionArray" : [ 4, 0, 12, 0 ], "openssl" : { "running" : "OpenSSL 1.1.1  11 Sep 2018", "compiled" : "OpenSSL 1.1.1  11 Sep 2018" }, "buildEnvironment" : { "distmod" : "ubuntu1804", "distarch" : "x86_64", "cc" : "/opt/mongodbtoolchain/v2/bin/gcc: gcc (GCC) 5.4.0", "ccflags" : "-fno-omit-frame-pointer -fno-strict-aliasing -ggdb -pthread -Wall -Wsign-compare -Wno-unknown-pragmas -Winvalid-pch -Werror -O2 -Wno-unused-local-typedefs -Wno-unused-function -Wno-deprecated-declarations -Wno-unused-but-set-variable -Wno-missing-braces -fstack-protector-strong -fno-builtin-memcmp", "cxx" : "/opt/mongodbtoolchain/v2/bin/g++: g++ (GCC) 5.4.0", "cxxflags" : "-Woverloaded-virtual -Wno-maybe-uninitialized -std=c++14", "linkflags" : "-pthread -Wl,-z,now -rdynamic -Wl,--fatal-warnings -fstack-protector-strong -fuse-ld=gold -Wl,--build-id -Wl,--hash-style=gnu -Wl,-z,noexecstack -Wl,--warn-execstack -Wl,-z,relro", "target_arch" : "x86_64", "target_os" : "linux" }, "bits" : 64, "debug" : false, "maxBsonObjectSize" : 16777216, "storageEngines" : [ "devnull", "ephemeralForTest", "mmapv1", "wiredTiger" ] } }
{ "_id" : "mango-1695907433253", "hostname" : "mango", "startTime" : ISODate("2023-09-28T13:23:53Z"), "startTimeLocal" : "Thu Sep 28 13:23:53.253", "cmdLine" : { "config" : "/etc/mongod.conf", "net" : { "bindIp" : "127.0.0.1", "port" : 27017 }, "processManagement" : { "timeZoneInfo" : "/usr/share/zoneinfo" }, "storage" : { "dbPath" : "/var/lib/mongodb", "journal" : { "enabled" : true } }, "systemLog" : { "destination" : "file", "logAppend" : true, "path" : "/var/log/mongodb/mongod.log" } }, "pid" : NumberLong(988), "buildinfo" : { "version" : "4.0.12", "gitVersion" : "5776e3cbf9e7afe86e6b29e22520ffb6766e95d4", "modules" : [ ], "allocator" : "tcmalloc", "javascriptEngine" : "mozjs", "sysInfo" : "deprecated", "versionArray" : [ 4, 0, 12, 0 ], "openssl" : { "running" : "OpenSSL 1.1.1  11 Sep 2018", "compiled" : "OpenSSL 1.1.1  11 Sep 2018" }, "buildEnvironment" : { "distmod" : "ubuntu1804", "distarch" : "x86_64", "cc" : "/opt/mongodbtoolchain/v2/bin/gcc: gcc (GCC) 5.4.0", "ccflags" : "-fno-omit-frame-pointer -fno-strict-aliasing -ggdb -pthread -Wall -Wsign-compare -Wno-unknown-pragmas -Winvalid-pch -Werror -O2 -Wno-unused-local-typedefs -Wno-unused-function -Wno-deprecated-declarations -Wno-unused-but-set-variable -Wno-missing-braces -fstack-protector-strong -fno-builtin-memcmp", "cxx" : "/opt/mongodbtoolchain/v2/bin/g++: g++ (GCC) 5.4.0", "cxxflags" : "-Woverloaded-virtual -Wno-maybe-uninitialized -std=c++14", "linkflags" : "-pthread -Wl,-z,now -rdynamic -Wl,--fatal-warnings -fstack-protector-strong -fuse-ld=gold -Wl,--build-id -Wl,--hash-style=gnu -Wl,-z,noexecstack -Wl,--warn-execstack -Wl,-z,relro", "target_arch" : "x86_64", "target_os" : "linux" }, "bits" : 64, "debug" : false, "maxBsonObjectSize" : 16777216, "storageEngines" : [ "devnull", "ephemeralForTest", "mmapv1", "wiredTiger" ] } }

The local DB contains a startup log

> use mango
switched to db mango
> show collections
users
> db.users.find()
{ "_id" : ObjectId("5d8e25334f3bf1432628927b"), "username" : "admin", "password" : "t9KcS3>!0B#2" }
{ "_id" : ObjectId("5d8e25364f3bf1432628927c"), "username" : "mango", "password" : "h3mXK8RhU~f{]f5H" }

Lastly, the mango DB contains the user data that I have previously exfiltrated

InfoSec LAB

Explorer

Mango_MongoDB

MongoDB

Interactive Graph View

Backlinks