MongoDB
[dwight@paper hubot]$ mongo -u rocket -p 'my$ecretPass'
MongoDB shell version v4.0.27
connecting to: mongodb://127.0.0.1:27017/?gssapiServiceName=mongodb
implicit session: session { "id" : UUID("a5496e38-f86e-4cca-9d59-1bb81668febd") }
mongodb server version: 4.0.27
Welcome to the MongoDB shell.
For interactive help, type "help".
For more comprehensive documentation, see
http://docs.mongodb.org/
Questions? Try the support group
http://groups.google.com/group/mongodb-user
server has startup warnings:
2023-06-07t03:22:36.168-0400 I CONTROL [initandlisten]
2023-06-07t03:22:36.168-0400 I CONTROL [initandlisten] ** WARNING: /sys/kernel/mm/transparent_hugepage/enabled is 'always'.
2023-06-07t03:22:36.168-0400 I CONTROL [initandlisten] ** We suggest setting it to 'never'
2023-06-07t03:22:36.168-0400 I CONTROL [initandlisten]
---
Enable MongoDB's free cloud-based monitoring service, which will then receive and display
metrics about your deployment (disk utilization, CPU, operation statistics, etc).
The monitoring data will be available on a MongoDB website with a unique URL accessible to you
and anyone you share the URL with. MongoDB may use this information to make product
improvements and to suggest MongoDB products and deployment options to you.
To enable free monitoring, run the following command: db.enableFreeMonitoring()
To permanently disable this reminder, run the following command: db.disableFreeMonitoring()
---
rs01:PRIMARY>Connecting to the MongoDB instance with the credential extracted from the earlier PEAS scan
rs01:PRIMARY> show dbs
admin 0.000GB
config 0.000GB
local 0.005GB
rocketchat 0.007GB2 of the 4 DBs are populated
rs01:PRIMARY> use local
switched to db local
rs01:PRIMARY> show collections
oplog.rs
replset.election
replset.minvalid
replset.oplogTruncateAfterPoint
startup_log
system.replsetThe local DB contains a few collection within
These seem rather irrelvant
rs01:PRIMARY> use rocketchat
switched to db rocketchat
rs01:PRIMARY> show collections
_raix_push_app_tokens
instances
meteor_accounts_loginServiceConfiguration
meteor_oauth_pendingCredentials
meteor_oauth_pendingRequestTokens
migrations
omnichannel_auto_close_on_hold_scheduler
omnichannel_scheduler
rocketchat__trash
rocketchat_analytics
rocketchat_apps
rocketchat_apps_logs
rocketchat_apps_persistence
rocketchat_apps_scheduler
rocketchat_avatars
rocketchat_avatars.chunks
rocketchat_avatars.files
rocketchat_banner
rocketchat_banner_dismiss
rocketchat_canned_response
rocketchat_credential_tokens
rocketchat_cron_history
rocketchat_custom_emoji
rocketchat_custom_sounds
rocketchat_custom_user_status
rocketchat_email_inbox
rocketchat_email_message_history
rocketchat_export_operations
rocketchat_federation_dns_cache
rocketchat_federation_keys
rocketchat_federation_room_events
rocketchat_federation_servers
rocketchat_import
rocketchat_import_data
rocketchat_integration_history
rocketchat_integrations
rocketchat_invites
rocketchat_livechat_agent_activity
rocketchat_livechat_business_hours
rocketchat_livechat_custom_field
rocketchat_livechat_department
rocketchat_livechat_department_agents
rocketchat_livechat_external_message
rocketchat_livechat_inquiry
rocketchat_livechat_page_visited
rocketchat_livechat_priority
rocketchat_livechat_tag
rocketchat_livechat_trigger
rocketchat_livechat_unit_monitors
rocketchat_livechat_visitor
rocketchat_message
rocketchat_message_read_receipt
rocketchat_notification_queue
rocketchat_nps
rocketchat_nps_vote
rocketchat_oauth_apps
rocketchat_oembed_cache
rocketchat_omnichannel_queue
rocketchat_permissions
rocketchat_reports
rocketchat_roles
rocketchat_room
rocketchat_server_events
rocketchat_sessions
rocketchat_settings
rocketchat_smarsh_history
rocketchat_statistics
rocketchat_subscription
rocketchat_team
rocketchat_team_member
rocketchat_uploads
rocketchat_user_data_files
rocketchat_webdav_accounts
ufsTokens
users
usersSessionsWhile the rocketchat DB contains a lot more collections, the rocketchat.users collection seems particularly interesting
rs01:PRIMARY> db.users.find()
{ "_id" : "3pACoij7SH35924pr", "createdAt" : ISODate("2021-06-18T10:09:48.865Z"), "services" : { "password" : { "bcrypt" : "$2b$10$8YK6lETP1X0Ad3NOTer91eGVDGOL6hbUTmL92GI6NzlNgFRW9gFju" }, "resume" : { "loginTokens" : [ ] } }, "username" : "catlover", "emails" : [ { "address" : "catlover@aol.com", "verified" : true } ], "type" : "user", "status" : "offline", "active" : true, "_updatedAt" : ISODate("2021-06-20T07:42:04.575Z"), "__rooms" : [ "GENERAL" ], "roles" : [ "user" ], "name" : "Angela", "requirePasswordChange" : false, "settings" : { }, "lastLogin" : ISODate("2021-06-18T10:16:35.425Z"), "statusConnection" : "offline", "utcOffset" : -4, "statusText" : "", "avatarETag" : "4hEQXscy32FsLJSR7", "avatarOrigin" : "rest" }
{ "_id" : "5iP6aLxNrs8E5S47Q", "createdAt" : ISODate("2021-07-01T15:21:50.153Z"), "services" : { "password" : { "bcrypt" : "$2b$10$dzkpxs8AzjGRwgqT.jaxeeYT7zhtP7dxHOmoTdq/9Xb/VaI.qhQyS" } }, "username" : "DunMiffsys", "emails" : [ { "address" : "dunmiffsys@office.paper", "verified" : false } ], "type" : "user", "status" : "offline", "active" : true, "_updatedAt" : ISODate("2021-07-01T15:24:36.099Z"), "__rooms" : [ "GENERAL" ], "roles" : [ "anonymous" ], "name" : "DunMiff/sys", "nickname" : "DunMiffsys", "requirePasswordChange" : false, "settings" : { }, "statusText" : "" }
{ "_id" : "BcPDYqH4boQNR3nbE", "createdAt" : ISODate("2021-06-21T19:19:40.976Z"), "services" : { "password" : { "bcrypt" : "$2b$10$Qs0CeVSscuuF9y30h/0Pz.TnXLQHwBa6ig5xG34oRu8pXqN55mmG2" }, "email" : { "verificationTokens" : [ { "token" : "HWwFiGdYoIt5P1LG35gOVsxeNYPL9hPJ3nk9S5w_RqL", "address" : "stanhudson@office.paper", "when" : ISODate("2021-06-23T16:02:52.798Z") } ] } }, "username" : "stanhudson", "emails" : [ { "address" : "stanhudson@office.paper", "verified" : false } ], "type" : "user", "status" : "offline", "active" : true, "_updatedAt" : ISODate("2021-06-23T16:02:52.811Z"), "__rooms" : [ "GENERAL" ], "roles" : [ "user" ], "name" : "Stanley Hudson", "requirePasswordChange" : false, "settings" : { }, "statusText" : "", "avatarETag" : "8FkwWpY62pnZ2dQnm", "avatarOrigin" : "rest" }
{ "_id" : "DPq2mKNh9m5wENM2p", "createdAt" : ISODate("2021-06-20T08:13:19.332Z"), "services" : { "password" : { "bcrypt" : "$2b$10$DlF8LbKkWOqsDvaXOc9.oekOUfIainTHBwK3Rkz1vbeb3MzZ44Sje" }, "email" : { "verificationTokens" : [ { "token" : "QgIeuZcEayLDvSidG2ibd1B3-gPDPI2lIFFPtP-hStx", "address" : "meredithpalmer@office.paper", "when" : ISODate("2021-06-23T16:01:19.846Z") } ] } }, "username" : "meredithpalmer", "emails" : [ { "address" : "meredithpalmer@office.paper", "verified" : false } ], "type" : "user", "status" : "offline", "active" : true, "_updatedAt" : ISODate("2021-06-23T16:01:19.856Z"), "__rooms" : [ "GENERAL" ], "roles" : [ "user" ], "name" : "Meredith", "requirePasswordChange" : false, "settings" : { }, "statusText" : "", "avatarETag" : "49pxS3jA7S24KfsG3", "avatarOrigin" : "rest" }
{ "_id" : "MdJX6Kdc3STveZu4Y", "createdAt" : ISODate("2021-06-18T09:58:14.879Z"), "services" : { "password" : { "bcrypt" : "$2b$10$iEOwSv608PumQHjJPXI3eup9RHqv1xbQ8gT5B3IXsGIsCsMTz5ClG" }, "resume" : { "loginTokens" : [ ] } }, "username" : "kellylikescupcakes", "emails" : [ { "address" : "kellylikescupcakes@aol.com", "verified" : true } ], "type" : "user", "status" : "offline", "active" : true, "_updatedAt" : ISODate("2021-09-15T15:48:04.044Z"), "__rooms" : [ "GENERAL" ], "roles" : [ "user" ], "name" : "Kelly", "nickname" : "kellylikescupcakes", "requirePasswordChange" : false, "settings" : { }, "lastLogin" : ISODate("2021-06-18T15:29:45.137Z"), "statusConnection" : "offline", "utcOffset" : -4, "statusText" : "", "avatarETag" : "nyPiX8DDFzg6ZtgjR", "avatarOrigin" : "rest" }
{ "_id" : "NQ2JvGXL8gr7msi7o", "createdAt" : ISODate("2021-06-20T07:46:29.345Z"), "services" : { "password" : { "bcrypt" : "$2b$10$/cJP4GwpPC9aMmBtWTDUjupKfgxAwRgECMiKGRFFkxpteRzIKy57W" }, "resume" : { "loginTokens" : [ ] } }, "username" : "nick", "emails" : [ { "address" : "the8thitguy@office.htb", "verified" : false } ], "type" : "user", "status" : "offline", "active" : true, "_updatedAt" : ISODate("2022-01-12T07:50:47.882Z"), "__rooms" : [ "GENERAL" ], "roles" : [ "admin" ], "name" : "nick", "requirePasswordChange" : false, "settings" : { }, "statusText" : "", "avatarETag" : "cNdxrAfP7Pr5WCirT", "avatarOrigin" : "rest", "lastLogin" : ISODate("2021-09-16T12:36:58.553Z"), "statusConnection" : "offline", "utcOffset" : -4 }
{ "_id" : "Q74BkesCHPaRKYjak", "createdAt" : ISODate("2021-06-21T19:37:01.834Z"), "services" : { "password" : { "bcrypt" : "$2b$10$yAOANsYzTkbgZDR4lkOyjeuc2k4hptjF6ENIutY/rJfPMotk5XbeS" } }, "username" : "hrtoby", "emails" : [ { "address" : "hrtoby@btiffin.com", "verified" : true } ], "type" : "user", "status" : "offline", "active" : true, "_updatedAt" : ISODate("2021-09-15T15:44:56.045Z"), "__rooms" : [ "GENERAL" ], "roles" : [ "user" ], "name" : "Toby", "requirePasswordChange" : false, "settings" : { }, "statusText" : "", "avatarETag" : "CqFFEbHsDwMQnh4Xz", "avatarOrigin" : "rest" }
{ "_id" : "SrtTqJwvCRmCNErxD", "createdAt" : ISODate("2021-06-18T09:35:02.509Z"), "services" : { "password" : { "bcrypt" : "$2b$10$NkD6p1gFEPevcklmAAS9..1eRjY78SCXdixtdAnj0Qsucpp8aQCHi" }, "resume" : { "loginTokens" : [ ] }, "email" : { "verificationTokens" : [ { "token" : "Vu3pBr644wVCvQkYA79JVYzxq8Hv2MFSXiiwhq_gVV9", "address" : "dwightkschrute@aol.com", "when" : ISODate("2021-07-01T15:19:44.423Z") } ] } }, "username" : "DwightKSchrute", "emails" : [ { "address" : "dwightkschrute@aol.com", "verified" : false } ], "type" : "user", "status" : "offline", "active" : true, "_updatedAt" : ISODate("2021-07-01T15:19:44.454Z"), "__rooms" : [ "GENERAL" ], "roles" : [ "user" ], "name" : "Dwight", "nickname" : "dwight", "requirePasswordChange" : false, "settings" : { }, "lastLogin" : ISODate("2021-06-18T10:30:49.846Z"), "statusConnection" : "offline", "utcOffset" : -4, "statusText" : "", "avatarETag" : "zBgJbDdyr4jyRMpTs", "avatarOrigin" : "rest" }
{ "_id" : "W2dajtnh4g9Eakc4d", "createdAt" : ISODate("2021-06-17T19:59:32.416Z"), "services" : { "password" : { "bcrypt" : "$2b$10$5kZsSQZym0ySZLqIx4z8eu4KHER85REJcLmj.qI2slkn47xbCXu6K" }, "resume" : { "loginTokens" : [ ] } }, "username" : "JIM9334", "emails" : [ { "address" : "jim9334@aol.com", "verified" : true } ], "type" : "user", "status" : "offline", "active" : true, "_updatedAt" : ISODate("2021-06-20T07:37:02.984Z"), "__rooms" : [ "GENERAL" ], "roles" : [ "user" ], "name" : "Jim", "nickname" : "jim", "requirePasswordChange" : false, "settings" : { }, "statusText" : "", "lastLogin" : ISODate("2021-06-18T10:30:18.479Z"), "statusConnection" : "offline", "utcOffset" : -4, "avatarETag" : "DdBhzWmNF84rDipeX", "avatarOrigin" : "rest" }
{ "_id" : "WoxmTzWbvoijWkN5X", "createdAt" : ISODate("2021-06-17T18:42:28.112Z"), "services" : { "password" : { "bcrypt" : "$2b$10$N0GpxXJtfyxSGv33IzoSW.k4pHVxSYmainFu55SEIa/w6AoZJ4y7." }, "resume" : { "loginTokens" : [ { "when" : ISODate("2023-06-07T07:23:40.724Z"), "hashedToken" : "C/uMOjrono3vuA5VGRh1kT2Vi0bO27U6vuFxNLsSc3g=" }, { "when" : ISODate("2023-06-07T09:37:02.777Z"), "hashedToken" : "2AbNO8joeAqL6m6ZxHjigcTSl74fkbI21o8i3QxlUUM=" } ] } }, "username" : "recyclops", "emails" : [ { "address" : "recyclops@office.paper", "verified" : true } ], "type" : "user", "status" : "online", "active" : true, "_updatedAt" : ISODate("2023-06-07T09:51:56.642Z"), "__rooms" : [ "GENERAL" ], "roles" : [ "bot" ], "bio" : "Earth people and Polluticon destroyed my Home planet.\n Now I will have my revenge after helping dwight!", "name" : "RecyclopsBot", "nickname" : "recyclops", "requirePasswordChange" : false, "settings" : { }, "lastLogin" : ISODate("2023-06-07T09:51:56.160Z"), "statusConnection" : "online", "utcOffset" : 2, "statusText" : "", "avatarETag" : "L9pEEpwebBTXPKgqJ", "avatarOrigin" : "rest" }
{ "_id" : "aLFDk9yzAhxp6JzrJ", "createdAt" : ISODate("2021-06-21T19:34:45.084Z"), "services" : { "password" : { "bcrypt" : "$2b$10$A.6Jbic0CwTLGqnUc/T1A.2.ssmSiaBAya9Mjlg21Slt.r893z8f6" } }, "username" : "phyllisbobvancefromvancerefigeration", "emails" : [ { "address" : "phyllisbobvancefromvancerefigeration@office.paper", "verified" : true } ], "type" : "user", "status" : "offline", "active" : true, "_updatedAt" : ISODate("2021-06-23T16:02:25.889Z"), "__rooms" : [ "GENERAL" ], "roles" : [ "user" ], "name" : "Phyllis Vance", "requirePasswordChange" : false, "settings" : { }, "statusText" : "", "avatarETag" : "XKtDM4fSXZ3Xf2Ncg", "avatarOrigin" : "rest" }
{ "_id" : "d22WtYvu9SDvMcTLC", "createdAt" : ISODate("2021-06-20T08:20:17.819Z"), "services" : { "password" : { "bcrypt" : "$2b$10$zErtvbv.YoPhkr26bs9p3OSZT5SsVB4oUgg5Z00qmG3m9oHnc/ELu" } }, "username" : "dwightschrute", "emails" : [ { "address" : "dwightschrute@office.htb", "verified" : false } ], "type" : "user", "status" : "offline", "active" : true, "_updatedAt" : ISODate("2021-06-20T08:20:28.564Z"), "__rooms" : [ "GENERAL" ], "roles" : [ ], "name" : "Dwight Schrute", "requirePasswordChange" : false, "settings" : { }, "statusText" : "", "avatarETag" : "rAMJJeSFDGziAatoo", "avatarOrigin" : "rest" }
{ "_id" : "gtNuENR8pianEYMHt", "createdAt" : ISODate("2021-06-21T19:30:49.257Z"), "services" : { "password" : { "bcrypt" : "$2b$10$GuByrxcbF3OkEqPn05RI7uLbLZQ8f44PXXi9egRUm0xQrWh/Geq9G" }, "email" : { "verificationTokens" : [ { "token" : "esP1UJ_BoIWV09y2aoj3HcZ_Ve-SNNKYnxK70Eq7ji5", "address" : "wuphfryan@office.paper", "when" : ISODate("2021-06-23T16:02:45.693Z") } ] } }, "username" : "wuphfryan", "emails" : [ { "address" : "wuphfryan@office.paper", "verified" : false } ], "type" : "user", "status" : "offline", "active" : true, "_updatedAt" : ISODate("2021-06-23T16:02:45.719Z"), "__rooms" : [ "GENERAL" ], "roles" : [ "user" ], "name" : "Ryan", "requirePasswordChange" : false, "settings" : { }, "statusText" : "", "avatarETag" : "R4XbB4zfGpJbppFC8", "avatarOrigin" : "rest" }
{ "_id" : "ps6gjvimJ3DxeZA86", "createdAt" : ISODate("2021-06-17T18:30:20.795Z"), "services" : { "password" : { "bcrypt" : "$2b$10$Y06nyxknCoOY8zTk4V9L.OPCfuH2EtT8J8OZAWcBcJe6h/mi0SDBa" }, "email2fa" : { "enabled" : false, "changedAt" : ISODate("2021-06-17T18:30:20.795Z") }, "email" : { "verificationTokens" : [ { "token" : "vkGpG3kJGi3Cfj9ju7tPgRfRgByKgwZGXKKcI3pfVZx", "address" : "mike@dmiflin.htb", "when" : ISODate("2021-06-17T18:30:20.813Z") } ] }, "resume" : { "loginTokens" : [ ] }, "emailCode" : [ { "code" : "$2b$10$xWbMqoexpt4HhJ2rBjNIrus9PyWScUT7JALaRGLoVOOrdBybphkYy", "expire" : ISODate("2021-06-18T08:58:15.123Z") } ] }, "emails" : [ { "address" : "mike@office.paper", "verified" : true } ], "type" : "user", "status" : "offline", "active" : true, "_updatedAt" : ISODate("2021-07-03T14:17:33.972Z"), "roles" : [ "user" ], "name" : "Michael Scott", "lastLogin" : ISODate("2021-07-03T14:17:09.365Z"), "statusConnection" : "offline", "username" : "prisonmike", "utcOffset" : 5.5, "__rooms" : [ "GENERAL" ], "statusText" : "", "requirePasswordChange" : false, "avatarETag" : "Lt5nBQ6hccJnrmjqg", "avatarOrigin" : "rest" }
{ "_id" : "qzPLDHsqfYEcJTMJu", "createdAt" : ISODate("2021-06-20T08:23:14.781Z"), "services" : { "password" : { "bcrypt" : "$2b$10$5Re5PvloLqcvk5BBvI.K3eGcN/2CmYFgntfwp7GrlcmWy06OC/N.e" }, "email" : { "verificationTokens" : [ { "token" : "djqXHron4DqLT3BWspYDeGGEXO-yhsvAwmf01L_srJE", "address" : "therealmeredithpalmer@office.paper", "when" : ISODate("2021-06-23T16:01:31.949Z") } ] } }, "username" : "realmeredithpalmer", "emails" : [ { "address" : "therealmeredithpalmer@office.paper", "verified" : false } ], "type" : "user", "status" : "offline", "active" : true, "_updatedAt" : ISODate("2021-06-23T16:01:31.962Z"), "__rooms" : [ "GENERAL" ], "roles" : [ ], "name" : "Meredith Palmer", "requirePasswordChange" : false, "settings" : { }, "statusText" : "", "avatarETag" : "tKenMzo44RFRdEPeM", "avatarOrigin" : "rest" }
{ "_id" : "rocket.cat", "createdAt" : ISODate("2021-06-17T18:28:05.899Z"), "avatarOrigin" : "local", "name" : "Rocket.Cat", "username" : "rocket.cat", "status" : "online", "statusDefault" : "online", "utcOffset" : 0, "active" : true, "type" : "bot", "_updatedAt" : ISODate("2021-06-17T18:28:06.062Z"), "roles" : [ "bot" ], "avatarETag" : null }
{ "_id" : "siKFfAEiy9JnJwfCk", "createdAt" : ISODate("2021-06-20T08:01:59.069Z"), "services" : { "password" : { "bcrypt" : "$2b$10$MjDEvYGA5f3DIbX6tn51cOJ/zT//dFOVNkWf7qF02vQxBbuzlf05." }, "resume" : { "loginTokens" : [ ] } }, "username" : "realastonkutcher", "emails" : [ { "address" : "realastonkutcher@office.paper", "verified" : true } ], "type" : "user", "status" : "offline", "active" : true, "_updatedAt" : ISODate("2021-06-23T16:01:10.537Z"), "__rooms" : [ "GENERAL" ], "roles" : [ "user" ], "name" : "Kevin", "requirePasswordChange" : false, "settings" : { }, "statusText" : "", "avatarETag" : "WiGi6HYTadKj5Zf9q", "avatarOrigin" : "rest", "lastLogin" : ISODate("2021-06-21T19:41:40.685Z"), "statusConnection" : "offline", "utcOffset" : -4 }
{ "_id" : "umhc2LunPqcMxpuhB", "createdAt" : ISODate("2021-06-17T20:05:28.201Z"), "services" : { "password" : { "bcrypt" : "$2b$10$qxKoIi/xS2eAymFhq8FgeuDkxroBkR.TFZW2AB.1HqCbTH/nwfaOG" }, "resume" : { "loginTokens" : [ ] } }, "username" : "Receptionitis15", "emails" : [ { "address" : "Receptionitis15@aol.com", "verified" : true } ], "type" : "user", "status" : "offline", "active" : true, "_updatedAt" : ISODate("2021-06-20T07:34:25.617Z"), "__rooms" : [ "GENERAL" ], "roles" : [ "user" ], "name" : "Pam", "requirePasswordChange" : false, "settings" : { }, "statusText" : "", "nickname" : "pam", "lastLogin" : ISODate("2021-06-18T10:26:37.125Z"), "statusConnection" : "offline", "utcOffset" : -4, "avatarETag" : "8PtGntTXt6HyFMwB3", "avatarOrigin" : "rest" }
{ "_id" : "vzADtHxN58iiaNY95", "createdAt" : ISODate("2021-06-21T19:17:52.582Z"), "services" : { "password" : { "bcrypt" : "$2b$10$sTMOriIoRXLeW8LFtOrp2O7QuuizGgBkAKBPm/gKkhRkSg/noCDhK" } }, "username" : "actuallyoscar", "emails" : [ { "address" : "actuallyoscar@office.paper", "verified" : true } ], "type" : "user", "status" : "offline", "active" : true, "_updatedAt" : ISODate("2021-06-23T16:02:10.834Z"), "__rooms" : [ "GENERAL" ], "roles" : [ "user" ], "name" : "Oscar", "requirePasswordChange" : false, "settings" : { }, "statusText" : "", "avatarETag" : "eNbvD2htfoiRER4Xc", "avatarOrigin" : "rest" }
{ "_id" : "w4LmaNZWjyBtDgjpp", "createdAt" : ISODate("2021-06-17T20:14:13.262Z"), "services" : { "password" : { "bcrypt" : "$2b$10$semdWX5bHqqC3aT6W1cBOO8dYWTuYGwFgO/5qqk8hbp8dz6.Vw5P6" }, "email" : { "verificationTokens" : [ { "token" : "bARU3a4dtlVn7Oi0NnfXHLeZDUV4TjSghc3lQkuJ5Y_", "address" : "creedthoughts@office.paper", "when" : ISODate("2021-06-23T16:00:51.067Z") } ] } }, "username" : "creedthoughts", "emails" : [ { "address" : "creedthoughts@office.paper", "verified" : false } ], "type" : "user", "status" : "offline", "active" : true, "_updatedAt" : ISODate("2021-06-23T16:00:51.086Z"), "__rooms" : [ "GENERAL" ], "roles" : [ "user" ], "name" : "Creed", "requirePasswordChange" : false, "settings" : { }, "statusText" : "", "bio" : " Later, skater", "avatarETag" : "DduKqSqtQW8eq8fdN", "avatarOrigin" : "rest" }
Type "it" for moreAs expected, the rocketchat.users collection contains the entire table of credentials for the Rocket.Chat instance
rs01:PRIMARY> db.users.find({}, { username: 1, "services.password.bcrypt": 1 })
{ "_id" : "3pACoij7SH35924pr", "services" : { "password" : { "bcrypt" : "$2b$10$8YK6lETP1X0Ad3NOTer91eGVDGOL6hbUTmL92GI6NzlNgFRW9gFju" } }, "username" : "catlover" }
{ "_id" : "5iP6aLxNrs8E5S47Q", "services" : { "password" : { "bcrypt" : "$2b$10$dzkpxs8AzjGRwgqT.jaxeeYT7zhtP7dxHOmoTdq/9Xb/VaI.qhQyS" } }, "username" : "DunMiffsys" }
{ "_id" : "BcPDYqH4boQNR3nbE", "services" : { "password" : { "bcrypt" : "$2b$10$Qs0CeVSscuuF9y30h/0Pz.TnXLQHwBa6ig5xG34oRu8pXqN55mmG2" } }, "username" : "stanhudson" }
{ "_id" : "DPq2mKNh9m5wENM2p", "services" : { "password" : { "bcrypt" : "$2b$10$DlF8LbKkWOqsDvaXOc9.oekOUfIainTHBwK3Rkz1vbeb3MzZ44Sje" } }, "username" : "meredithpalmer" }
{ "_id" : "MdJX6Kdc3STveZu4Y", "services" : { "password" : { "bcrypt" : "$2b$10$iEOwSv608PumQHjJPXI3eup9RHqv1xbQ8gT5B3IXsGIsCsMTz5ClG" } }, "username" : "kellylikescupcakes" }
{ "_id" : "NQ2JvGXL8gr7msi7o", "services" : { "password" : { "bcrypt" : "$2b$10$/cJP4GwpPC9aMmBtWTDUjupKfgxAwRgECMiKGRFFkxpteRzIKy57W" } }, "username" : "nick" }
{ "_id" : "Q74BkesCHPaRKYjak", "services" : { "password" : { "bcrypt" : "$2b$10$yAOANsYzTkbgZDR4lkOyjeuc2k4hptjF6ENIutY/rJfPMotk5XbeS" } }, "username" : "hrtoby" }
{ "_id" : "SrtTqJwvCRmCNErxD", "services" : { "password" : { "bcrypt" : "$2b$10$NkD6p1gFEPevcklmAAS9..1eRjY78SCXdixtdAnj0Qsucpp8aQCHi" } }, "username" : "DwightKSchrute" }
{ "_id" : "W2dajtnh4g9Eakc4d", "services" : { "password" : { "bcrypt" : "$2b$10$5kZsSQZym0ySZLqIx4z8eu4KHER85REJcLmj.qI2slkn47xbCXu6K" } }, "username" : "JIM9334" }
{ "_id" : "WoxmTzWbvoijWkN5X", "services" : { "password" : { "bcrypt" : "$2b$10$N0GpxXJtfyxSGv33IzoSW.k4pHVxSYmainFu55SEIa/w6AoZJ4y7." } }, "username" : "recyclops" }
{ "_id" : "aLFDk9yzAhxp6JzrJ", "services" : { "password" : { "bcrypt" : "$2b$10$A.6Jbic0CwTLGqnUc/T1A.2.ssmSiaBAya9Mjlg21Slt.r893z8f6" } }, "username" : "phyllisbobvancefromvancerefigeration" }
{ "_id" : "d22WtYvu9SDvMcTLC", "services" : { "password" : { "bcrypt" : "$2b$10$zErtvbv.YoPhkr26bs9p3OSZT5SsVB4oUgg5Z00qmG3m9oHnc/ELu" } }, "username" : "dwightschrute" }
{ "_id" : "gtNuENR8pianEYMHt", "services" : { "password" : { "bcrypt" : "$2b$10$GuByrxcbF3OkEqPn05RI7uLbLZQ8f44PXXi9egRUm0xQrWh/Geq9G" } }, "username" : "wuphfryan" }
{ "_id" : "ps6gjvimJ3DxeZA86", "services" : { "password" : { "bcrypt" : "$2b$10$Y06nyxknCoOY8zTk4V9L.OPCfuH2EtT8J8OZAWcBcJe6h/mi0SDBa" } }, "username" : "prisonmike" }
{ "_id" : "qzPLDHsqfYEcJTMJu", "services" : { "password" : { "bcrypt" : "$2b$10$5Re5PvloLqcvk5BBvI.K3eGcN/2CmYFgntfwp7GrlcmWy06OC/N.e" } }, "username" : "realmeredithpalmer" }
{ "_id" : "rocket.cat", "username" : "rocket.cat" }
{ "_id" : "siKFfAEiy9JnJwfCk", "services" : { "password" : { "bcrypt" : "$2b$10$MjDEvYGA5f3DIbX6tn51cOJ/zT//dFOVNkWf7qF02vQxBbuzlf05." } }, "username" : "realastonkutcher" }
{ "_id" : "umhc2LunPqcMxpuhB", "services" : { "password" : { "bcrypt" : "$2b$10$qxKoIi/xS2eAymFhq8FgeuDkxroBkR.TFZW2AB.1HqCbTH/nwfaOG" } }, "username" : "Receptionitis15" }
{ "_id" : "vzADtHxN58iiaNY95", "services" : { "password" : { "bcrypt" : "$2b$10$sTMOriIoRXLeW8LFtOrp2O7QuuizGgBkAKBPm/gKkhRkSg/noCDhK" } }, "username" : "actuallyoscar" }
{ "_id" : "w4LmaNZWjyBtDgjpp", "services" : { "password" : { "bcrypt" : "$2b$10$semdWX5bHqqC3aT6W1cBOO8dYWTuYGwFgO/5qqk8hbp8dz6.Vw5P6" } }, "username" : "creedthoughts" }
Type "it" for moreI will grab the password hashes and attempt to crack them
Unfortunately, hashcat was unable to crack any of the hashes