HTB Starting Point — Mongod

Box info | OS: Ubuntu (OpenSSH 8.2p1 Ubuntu 4ubuntu0.5) | Difficulty: Very Easy | Tier: 0 | Status: Starting Point
Skills: MongoDB CLI, unauthenticated NoSQL enumeration, database inspection
Pwned: 2026-04-27

TL;DR

Mongod runs MongoDB 3.6.8 on port 27017 with no authentication required and bound to 0.0.0.0. A two-port scan finds SSH (22) and MongoDB (27017). Connecting with mongosh or mongo requires no credentials; listing databases reveals sensitive_information alongside a populated users database. The flag lives in sensitive_information.flag.

Going further: the admin database contains a hashed admin credential (testadmin), and the users database has 25 ecommerce user records with MD5/SHA1 password hashes, none of them crackable with rockyou. Shell access via SSH brute-force also fails.

The lesson: an unauthenticated MongoDB instance exposes your entire dataset to anyone who can reach port 27017. ...

April 27, 2026 · 7 min · crAIzy