/*
* This software is Copyright (c) 2016 AverageSecurityGuy <stephen at averagesecurityguy.info>,
* and it is hereby released to the general public under the following terms:
* Redistribution and use in source and binary forms, with or without
* modification, are permitted.
*/
// https://averagesecurityguy.github.io/2016/04/29/finding-and-exploiting-mongodb/
// Usage: mongo admin mongodb2john.js
// mongo [hostname]:[port]/[database_name] mongodb2john.js
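// Export MongoDB user password hashes in John the Ripper input format.
//
// Reads every document returned by db.system.users.find() on the connected
// database and prints one line per supported credential type:
//   MONGODB-CR  -> a '$mongodb$0$' line and a '$dynamic_1550$' line
//   SCRAM-SHA-1 -> a '$scram$' line built from iterationCount, salt, storedKey
//
// The printed lines contain password hash material, so redirected output
// needs the same access control as the database's own credential store.
try {
    var cursor = db.system.users.find();
    var doc, creds, label, scram, shash;

    while (cursor.hasNext()) {
        doc = cursor.next();
        label = doc['user'] + '-' + doc['db'];

        // A user document without a credentials sub-document used to raise a
        // TypeError on the lookups below; the outer catch swallowed it and
        // the export stopped for every remaining user. Treat it as "no
        // supported credential" and move on to the next document.
        creds = doc['credentials'] || {};

        if (creds['MONGODB-CR']) {
            print(label + ':' + '$mongodb$0$' + doc['user'] + '$' + creds['MONGODB-CR']);
            print(doc['user'] + ':' + '$dynamic_1550$' + creds['MONGODB-CR']);
        }

        if (creds['SCRAM-SHA-1']) {
            scram = creds['SCRAM-SHA-1'];
            shash = '$scram$' + doc['user'] + '$' + scram['iterationCount'] + '$' + scram['salt'] + '$' + scram['storedKey'];
            print(label + ':' + shash);
        }
    }
} catch (err) {
    // Report the failure instead of swallowing it: empty output with no
    // message cannot be told apart from "no users with stored hashes", which
    // is a false negative in an audit. Note that print() writes this line to
    // the same stream as the hash lines.
    print('mongodb2john: export failed: ' + err);
}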