This suite consists of two different scripts, made to automate attacks against NoSQL databases.

Last update: Dec 26, 2022

Overview

NoSQL-Attack-Suite

This suite consists of two different scripts, made to automate attacks against NoSQL databases. The first one looks for a NoSQL Auth Bypass in login forms, while the other one can be used to dump credentials from the database if a NoSQL Auth Bypass is possible. These scripts have been tested on Mango and NodeBlog machines from HackTheBox (HTB). Thanks to @IppSec and @an0nlk for giving me ideas about these scripts.

nosql-login-bypass.py

Description

This script checks for GET,POST and JSON encoded POST requests to find a possible NoSQL Auth Bypass. For every type of request it injects a "template" invalid credential and an Auth Bypass Payload. Then it compares both status code and body of the responses to find discrepancies.

Usage

usage: ./nosql-login-bypass.py [-h] [-t T] [-u U] [-p P] [-o O]
optional arguments:
  -h, --help  show this help message and exit
  -t T        Target URL
  -u U        Username parameter
  -p P        Password parameter
  -o O        Other parameters, separated by comma

Example

./nosql-login-bypass.py -t http://staging-order.mango.htb -u username -p password -o "login=login"

The result will express if the login's form is vulnerable to the attack, and in particular for which type of request.

nosql-login-enum.py

Description

This script dumps credentials from the database, character by character. To make this script work, you need to specify the vulnerable request, the response's code and a string from the response's body of an Auth Bypass correctly done.

Usage

usage: ./nosql-login-enum.py [-h] [-t T] [-u U] [-p P] [-o O] [-m M] [-c C] [-s S] [--json]
optional arguments:
  -h, --help  show this help message and exit
  -t T        Target URL
  -u U        Username parameter
  -p P        Password parameter
  -o O        Other parameters, separated by comma
  -m M        Mode: GET or POST
  -c C        Response's code for correct injection
  -s S        Response's string for correct injection
  --json      Json encoded POST request

Example

./nosql-login-enum.py -t http://10.10.11.139/login -u user -p password -m POST -c 200 -s "UHC" --json

This will dump usernames and passwords from the database.

Notes

If there is any problem, feel free to send your pull requests :)

This suite consists of two different scripts, made to automate attacks against NoSQL databases.

Related tags

Overview

NoSQL-Attack-Suite

nosql-login-bypass.py

Description

Usage

Example

nosql-login-enum.py

Description

Usage

Example

Notes

Owner

Scripts to integrate DFIR-IRIS, MISP and TimeSketch

Scitizen - Help scientific research for the benefit of mankind and humanity 🔬

Covid-ml-predictors - COVID predictions using AI.

Object-oriented programming exercise session held in Petnica.

Alfred 4 Workflow to search through your maintained/watched/starred GitHub repositories.

This is a python package to get wards, districts,cities and provinces in Zimbabwe

This is a Blender 2.9 script for importing mixamo Models to Godot-3

A class to draw curves expressed as L-System production rules

App to get data from popular polish pages with job offers

A log likelihood fit for extracting neutrino oscillation parameters

A OBS service to package a published repository into a tar.gz file

Manjaro CN Repository

Module 2's katas from Launch X's python introduction course.

A simple BrainF**k compiler written in Python

Custom Weapons 3 attribute support for Custom Weapons X

The third home of the bare Programming Language (1st there's my heart, the forest came second and then there's Github :)

Block when attacker want to bypass the limit of request

Sodium is a general purpose programming language which is instruction-oriented (a new programming concept that we are developing and devising) [Still developing...]

Google Foobar challenge solutions from my experience and other's on the web.

Distributed behavioral experiments