1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
|
local creds = require "creds"
local nmap = require "nmap"
local shortport = require "shortport"
local stdnse = require "stdnse"
local mongodb = stdnse.silent_require "mongodb"
description = [[
Attempts to get a list of tables from a MongoDB database.
]]
---
-- @usage
-- nmap -p 27017 --script mongodb-databases <host>
-- @output
-- PORT STATE SERVICE REASON
-- 27017/tcp open unknown syn-ack
-- | mongodb-databases:
-- | ok = 1
-- | databases
-- | 1
-- | empty = false
-- | sizeOnDisk = 83886080
-- | name = test
-- | 0
-- | empty = false
-- | sizeOnDisk = 83886080
-- | name = httpstorage
-- | 3
-- | empty = true
-- | sizeOnDisk = 1
-- | name = local
-- | 2
-- | empty = true
-- | sizeOnDisk = 1
-- | name = admin
-- |_ totalSize = 167772160
-- version 0.2
-- Created 01/12/2010 - v0.1 - created by Martin Holst Swende <martin@swende.se>
-- Revised 01/03/2012 - v0.2 - added authentication support <patrik@cqure.net>
author = "Martin Holst Swende"
license = "Same as Nmap--See https://nmap.org/book/man-legal.html"
categories = {"default", "discovery", "safe"}
dependencies = {"mongodb-brute"}
portrule = shortport.port_or_service({27017}, {"mongodb", "mongod"})
function action(host,port)
local socket = nmap.new_socket()
-- set a reasonable timeout value
socket:set_timeout(10000)
-- do some exception / cleanup
local catch = function()
socket:close()
end
local try = nmap.new_try(catch)
try( socket:connect(host, port) )
-- ugliness to allow creds.mongodb to work, as the port is not recognized
-- as mongodb, unless a service scan was run
local ps = port.service
port.service = 'mongodb'
local c = creds.Credentials:new(creds.ALL_DATA, host, port)
for cred in c:getCredentials(creds.State.VALID + creds.State.PARAM) do
local status, err = mongodb.login(socket, "admin", cred.user, cred.pass)
if ( not(status) ) then
return err
end
end
port.service = ps
local req, result, packet, err, status
--Build packet
status, packet = mongodb.listDbQuery()
if not status then return result end-- Error message
--- Send packet
status, result = mongodb.query(socket, packet)
if not status then return result end-- Error message
port.version.name ='mongodb'
port.version.product='MongoDB'
nmap.set_port_version(host,port)
local output = mongodb.queryResultToTable(result)
if err ~= nil then
stdnse.log_error(err)
end
if result ~= nil then
return stdnse.format_output(true, output )
end
end
|