User Tools


Mongo Pilfer (NetWars)

The first step with this challenge is to determine how to connect to the MongoDB database and based on the information from Holly Evergreen, I tried 'ps auxww'. These flags will give me the full command line and I can now see that the database is running on port 12121.

Hello dear player!  Won't you please come help me get my wish! 
I'm searching teacher's database, but all I find are fish! 
Do all his boating trips effect some database dilution? 
It should not be this hard for me to find the quiz solution! 

Find the solution hidden in the MongoDB on this system. 

elf@296885d72080:~$ ps auxww
USER       PID %CPU %MEM    VSZ   RSS TTY      STAT START   TIME COMMAND 
elf          1  0.5  0.0  18508  3396 pts/0    Ss   09:00   0:00 /bin/bash 
mongo        9 19.0  0.1 1014592 61920 ?       Sl   09:00   0:01 /usr/bin/mongod --quiet --fork --port 12121 --bind_ip 127.0.0.1 --logpath=/tmp/mongo.log 
elf         48  0.0  0.0  34400  2876 pts/0    R+   09:00   0:00 ps auxww 

Connect to the database, using the mongo command and specifying the port.

elf@296885d72080:~$ mongo --port 12121 
MongoDB shell version v3.6.3 
connecting to: mongodb://127.0.0.1:12121/ 
MongoDB server version: 3.6.3 
Welcome to the MongoDB shell. 
For interactive help, type "help". 
For more comprehensive documentation, see 
        http://docs.mongodb.org/ 
Questions? Try the support group 
        http://groups.google.com/group/mongodb-user 
Server has startup warnings:  
2019-12-15T09:00:37.497+0000 I CONTROL  [initandlisten]  
2019-12-15T09:00:37.497+0000 I CONTROL  [initandlisten] ** WARNING: Access control is not enabled for the database. 
2019-12-15T09:00:37.497+0000 I CONTROL  [initandlisten] **          Read and write access to data and configuration is unrestricted. 
2019-12-15T09:00:37.497+0000 I CONTROL  [initandlisten]  
2019-12-15T09:00:37.498+0000 I CONTROL  [initandlisten]  
2019-12-15T09:00:37.498+0000 I CONTROL  [initandlisten] ** WARNING: /sys/kernel/mm/transparent_hugepage/enabled is 'always'. 
2019-12-15T09:00:37.498+0000 I CONTROL  [initandlisten] **        We suggest setting it to 'never' 
2019-12-15T09:00:37.498+0000 I CONTROL  [initandlisten]  

Next list all of the databases …

> db.adminCommand( {listDatabases: 1 } ) 
{ 
        "databases" : [ 
                { 
                        "name" : "admin", 
                        "sizeOnDisk" : 32768, 
                        "empty" : false 
                }, 
                { 
                        "name" : "elfu", 
                        "sizeOnDisk" : 262144, 
                        "empty" : false 
                }, 
                { 
                        "name" : "local", 
                        "sizeOnDisk" : 32768, 
                        "empty" : false 
                }, 
                { 
                        "name" : "test", 
                        "sizeOnDisk" : 32768, 
                        "empty" : false 
                } 
        ], 
        "totalSize" : 360448, 
        "ok" : 1 
} 

elfu looks interesting

> use elfu 
switched to db elfu 

Next, get a list of collection names. A collection is like a table.

> db.getCollectionNames() 
[ 
        "bait", 
        "chum", 
        "line", 
        "metadata", 
        "solution", 
        "system.js", 
        "tackle", 
        "tincan" 
] 

Let's see what is in 'solution'

> db.solution.find() 
{ "_id" : "You did good! Just run the command between the stars: ** db.loadServerScripts();displaySolution(); **" } 
> db.loadServerScripts();displaySolution(); 

          . 
       __/ __ 
            / 
       /.'o'.  
        .o.'. 
       .'.'o'. 
      o'.o.'.*. 
     .'.o.'.'.*. 
    .o.'.o.'.o.'. 
       [_____] 
        ___/ 
 

Congratulations!!