Accessing Unauthenticated MongoDB Database Using Shodan

hacktivist
Nov 3, 2019


Hello everyone, today I am going to write about how to find and access open MongoDB databases using Shodan queries. I found that there are very few resources to guide beginners into getting started and understanding how the underlying infrastructure works. The existing resources only give a gist of the topic and are neither sufficient nor up to date. So, without wasting any time, let's get started.

~Firstly, it is important to clear up some basics before proceeding further and behaving like a script kiddie. In short, MongoDB is a cross-platform, document-oriented database program. Classified as a NoSQL database, MongoDB stores JSON-like documents with optional schemas. MongoDB is developed by MongoDB Inc. and licensed under the Server Side Public License (SSPL). https://www.mongodb.com/what-is-mongodb

~Why should we use MongoDB? Of course, your choice of database is always a decision based on pros and cons.

Pros

  • Document oriented.
  • High performance.
  • High availability — Replication.
  • High scalability — Sharding.
  • Dynamic — No rigid schema.
  • Flexible — field addition/deletion have less or no impact on the application.
  • Heterogeneous Data.
  • No joins needed: related data is embedded in a single document.
  • Distributed.
  • Data Representation in JSON or BSON.
  • Geospatial support.
  • Easy Integration with BigData Hadoop.
  • Document-based query language that’s nearly as powerful as SQL.
  • Available on cloud platforms such as AWS, Microsoft Azure, Red Hat, dotCloud and SoftLayer. In fact, MongoDB is built for the cloud: its native scale-out architecture, enabled by sharding, aligns well with the horizontal scaling and agility afforded by cloud computing.

Cons

  • A downside of NoSQL is that most solutions are not as strongly ACID-compliant (Atomicity, Consistency, Isolation, Durability) as the more well-established RDBMS systems.
  • Multi-document transactions are more complex than in an RDBMS.
  • No stored procedures or server-side functions in which to bind application logic.

~List of default ports for MongoDB (we will be working with them, so it's important to know them):

  1. 27017: the default port for mongod and mongos.
  2. 27018: the default port for a shard member started with --shardsvr.
  3. 27019: the default port for a config server started with --configsvr.

Since MongoDB 3.6 the packaged mongod binds to localhost only, so the instances Shodan finds on these ports are ones whose net.bindIp was opened to the Internet and, when no credentials are asked for, that run without security.authorization enabled.

Now we can begin our open database hunting work using shodan queries. Open https://www.shodan.io/ on your web browser.

shodan.io greeting page.

Go to the search bar at the top of the page and run this query: "MongoDB Server Information" port:27017 -authentication

MongoDB database in China.

After running the above Shodan query you will be greeted with a page showing, for each host, the IP address, the banner, the total size of the data, the names of the databases on the server, etc., as shown in the picture above. Now it is important to understand what the query does. "MongoDB Server Information" matches the banner Shodan records when its crawler talks to a MongoDB server; port:27017 restricts the results to the default mongod port; and -authentication excludes results whose banner mentions authentication, which Shodan records for servers that demanded credentials. What remains are servers that handed Shodan's crawler their database listing without a login. Scroll through the results and look at the other databases. Remember: Shodan only shows the first two pages of results to basic account users, and the banner reflects the last crawl, not the present moment, so a host may have been fixed (or rebooted onto a new address) since it was indexed.
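Because a Shodan banner can be weeks old, the next step a practitioner takes is to confirm, with the least possible footprint, whether a candidate still answers without credentials. The following is an added example, not code from this post or from the LeakLooker tool mentioned at the end. It is standard-library Python that speaks the MongoDB wire protocol directly: it sends one OP_MSG carrying a listDatabases command (with nameOnly so that no collection data is touched) and classifies the reply as open, auth_required or error. The BSON encoder and decoder cover only the handful of types this exchange needs; the two sample replies at the bottom are constructed here, shaped like the answers mongod gives, so that the classifier can be exercised offline. Only probe() touches the network (it assumes a POSIX socket stack for MSG_WAITALL) and should be pointed only at hosts you are authorised to test.

```python
import socket
import struct

OP_MSG = 2013  # opcode of OP_MSG, the MongoDB wire protocol since 3.6

def bson_encode(doc):
    """Encode a dict as BSON (subset: bool, int32, float, str, dict, list)."""
    out = bytearray()
    for key, val in doc.items():
        k = key.encode() + b"\x00"
        if isinstance(val, bool):  # test bool before int: bool is an int subclass
            out += b"\x08" + k + (b"\x01" if val else b"\x00")
        elif isinstance(val, int):
            out += b"\x10" + k + struct.pack("<i", val)
        elif isinstance(val, float):
            out += b"\x01" + k + struct.pack("<d", val)
        elif isinstance(val, str):
            s = val.encode()
            out += b"\x02" + k + struct.pack("<i", len(s) + 1) + s + b"\x00"
        elif isinstance(val, dict):
            out += b"\x03" + k + bson_encode(val)
        elif isinstance(val, list):  # arrays are documents keyed "0", "1", ...
            out += b"\x04" + k + bson_encode({str(i): v for i, v in enumerate(val)})
        else:
            raise TypeError(f"unsupported BSON value for {key!r}")
    return struct.pack("<i", len(out) + 5) + bytes(out) + b"\x00"

def bson_decode(buf, pos=0):
    """Decode one BSON document at buf[pos]; returns (dict, offset after it)."""
    end = pos + struct.unpack_from("<i", buf, pos)[0]
    pos, doc = pos + 4, {}
    while buf[pos] != 0:  # a 0x00 byte terminates the element list
        typ, pos = buf[pos], pos + 1
        key_end = buf.index(b"\x00", pos)
        key, pos = buf[pos:key_end].decode(), key_end + 1
        if typ == 0x01:
            doc[key], pos = struct.unpack_from("<d", buf, pos)[0], pos + 8
        elif typ == 0x02:
            slen = struct.unpack_from("<i", buf, pos)[0]  # byte length incl. NUL
            doc[key], pos = buf[pos + 4:pos + 3 + slen].decode(), pos + 4 + slen
        elif typ in (0x03, 0x04):
            sub, pos = bson_decode(buf, pos)
            doc[key] = list(sub.values()) if typ == 0x04 else sub
        elif typ == 0x08:
            doc[key], pos = buf[pos] == 1, pos + 1
        elif typ == 0x10:
            doc[key], pos = struct.unpack_from("<i", buf, pos)[0], pos + 4
        elif typ == 0x12:
            doc[key], pos = struct.unpack_from("<q", buf, pos)[0], pos + 8
        else:
            raise ValueError(f"unsupported BSON type 0x{typ:02x}")
    return doc, end

def build_op_msg(command, request_id=1):
    """Wrap a command document in an OP_MSG: header, flagBits=0, one kind-0 section."""
    payload = struct.pack("<I", 0) + b"\x00" + bson_encode(command)
    return struct.pack("<iiii", 16 + len(payload), request_id, 0, OP_MSG) + payload

def parse_op_msg(data):
    """Return the body document of an OP_MSG (works for requests and replies)."""
    if struct.unpack_from("<i", data, 12)[0] != OP_MSG or data[20] != 0:
        raise ValueError("not an OP_MSG with a kind-0 body section")
    return bson_decode(data, 21)[0]

def classify_reply(doc):
    """Map a listDatabases reply to ('open' | 'auth_required' | 'error', details)."""
    if doc.get("ok") == 1:
        return "open", [d["name"] for d in doc.get("databases", [])]
    if doc.get("code") == 13 or doc.get("codeName") == "Unauthorized":
        return "auth_required", []
    return "error", [doc.get("errmsg", "unknown error")]

def probe(host, port=27017, timeout=5.0):
    """Live check: one listDatabases (nameOnly) with no credentials, classified."""
    cmd = {"listDatabases": 1, "nameOnly": True, "$db": "admin"}
    with socket.create_connection((host, port), timeout=timeout) as s:
        s.sendall(build_op_msg(cmd))
        head = s.recv(4, socket.MSG_WAITALL)  # messageLength is the first field
        body = s.recv(struct.unpack("<i", head)[0] - 4, socket.MSG_WAITALL)
    return classify_reply(parse_op_msg(head + body))

# Constructed replies shaped like mongod's own, so the classifier runs offline.
OPEN_REPLY = build_op_msg({"databases": [{"name": "admin"}, {"name": "customers"}],
                           "ok": 1.0})
AUTH_REPLY = build_op_msg({"ok": 0.0, "code": 13, "codeName": "Unauthorized",
                           "errmsg": "command listDatabases requires authentication"})

if __name__ == "__main__":
    import sys
    print(classify_reply(parse_op_msg(OPEN_REPLY)), classify_reply(parse_op_msg(AUTH_REPLY)))
    if len(sys.argv) > 1:  # python probe.py <host> [port], only against authorised hosts
        print(probe(sys.argv[1], int(sys.argv[2]) if len(sys.argv) > 2 else 27017))
```

An "open" result with a list of database names is the same fact Shodan's banner reports, re-checked now and without reading a single record; an "auth_required" result means the server has since been locked down, and the `errmsg` of an "error" result usually explains anything else (for instance a server that only speaks a newer handshake).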

~Now moving on to another search query, a deadly one. Use the Shodan query: "Set-Cookie: mongo-express=" "200 OK"

and you will be greeted with such results as seen below.

An open MongoDB database located in Japan.

Now let us understand what this Shodan search query does. mongo-express is a web-based admin interface for MongoDB; "Set-Cookie: mongo-express=" matches the session cookie it sets, and "200 OK" keeps only hosts whose front page answered Shodan's unauthenticated request with HTTP status 200, meaning the request succeeded. A mongo-express instance protected by HTTP Basic auth would instead answer 401 Unauthorized, so a 200 here is an admin panel, and every database behind it, open to anyone who finds it. Going a bit off-topic, have a look here for a better understanding of HTTP status codes: https://en.wikipedia.org/wiki/List_of_HTTP_status_codes#2xx_Success

Open bank database leaking sensitive user information.

~A few resources that explain why this kind of exposure is so dangerous:

~A CLI tool for doing the same task:

https://www.kitploit.com/2019/01/leaklooker-find-open-databases-with.html

hacktivist

Cybersecurity enthusiast | Blogger | Blockchain security