Physical attacks
Mobile Apps Pentesting
Pentesting

27017,27018 - Pentesting MongoDB

Basic Information

MongoDB is an open source database management system (DBMS) that uses a document-oriented database model which supports various forms of data. (From here)

Default port: 27017, 27018

PORT STATE SERVICE VERSION
27017/tcp open mongodb MongoDB 2.6.9 2.6.9

Enumerate

nmap -sV --script "mongo* and default" -p 27017 <IP> #By default all the nmap mongo enumerate scripts are used

Login

By default mongo does not require password. Admin is a common mongo database.

mongo <HOST>
mongo <HOST>:<PORT>
mongo <HOST>:<PORT>/<DB>
mongo <database> -u <username> -p '<password>'

The nmap script: mongodb-brute will check if creds are needed.

nmap -n -sV --script mongodb-brute -p 27017 <ip>

Look inside /opt/bitnami/mongodb/mongodb.conf to know if credentials are needed:

grep "noauth.*true" /opt/bitnami/mongodb/mongodb.conf | grep -v "^#" #Not needed
grep "auth.*true" /opt/bitnami/mongodb/mongodb.conf | grep -v "^#\|noauth" #Not needed

Post

If you are root you can modify the mongodb.conf file so no credentials are needed (noauth = true) and login without credentials.