27017,27018 - Pentesting MongoDB
Last updated
Last updated
Learn & practice AWS Hacking: Learn & practice GCP Hacking:
Hacking Insights Engage with content that delves into the thrill and challenges of hacking
Real-Time Hack News Keep up-to-date with fast-paced hacking world through real-time news and insights
Latest Announcements Stay informed with the newest bug bounties launching and crucial platform updates
MongoDB is an open source database management system that uses a document-oriented database model to handle diverse forms of data. It offers flexibility and scalability for managing unstructured or semi-structured data in applications like big data analytics and content management. Default port: 27017, 27018
Some MongoDB commnads:
All mongodb: "mongodb server information"
Search for full open mongodb servers: "mongodb server information" -"partially enabled"
Only partially enable auth: "mongodb server information" "partially enabled"
By default mongo does not require password. Admin is a common mongo database.
The nmap script: mongodb-brute will check if creds are needed.
Look inside /opt/bitnami/mongodb/mongodb.conf to know if credentials are needed:
Mongo Object IDs are 12-byte hexadecimal strings:
For example, here’s how we can dissect an actual Object ID returned by an application: 5f2459ac9fa6dc2500314019
5f2459ac: 1596217772 in decimal = Friday, 31 July 2020 17:49:32
9fa6dc: Machine Identifier
2500: Process ID
314019: An incremental counter
Of the above elements, machine identifier will remain the same for as long as the database is running the same physical/virtual machine. Process ID will only change if the MongoDB process is restarted. Timestamp will be updated every second. The only challenge in guessing Object IDs by simply incrementing the counter and timestamp values, is the fact that Mongo DB generates Object IDs and assigns Object IDs at a system level.
If you are root you can modify the mongodb.conf file so no credentials are needed (noauth = true) and login without credentials.
Hacking Insights Engage with content that delves into the thrill and challenges of hacking
Real-Time Hack News Keep up-to-date with fast-paced hacking world through real-time news and insights
Latest Announcements Stay informed with the newest bug bounties launching and crucial platform updates
Join server to communicate with experienced hackers and bug bounty hunters!
Join us on and start collaborating with top hackers today!
Example .
The tool , given a starting Object ID (you can create an account and get a starting ID), it sends back about 1000 probable Object IDs that could have possibly been assigned to the next objects, so you just need to bruteforce them.
Join server to communicate with experienced hackers and bug bounty hunters!
Join us on and start collaborating with top hackers today!
Learn & practice AWS Hacking: Learn & practice GCP Hacking:
Check the !
Join the 💬 or the or follow us on Twitter 🐦 .
Share hacking tricks by submitting PRs to the and github repos.