This suite consists of two different scripts, made to automate attacks against NoSQL databases.

Last update: Dec 26, 2022

Overview

NoSQL-Attack-Suite

This suite consists of two different scripts, made to automate attacks against NoSQL databases. The first one looks for a NoSQL Auth Bypass in login forms, while the other one can be used to dump credentials from the database if a NoSQL Auth Bypass is possible. These scripts have been tested on Mango and NodeBlog machines from HackTheBox (HTB). Thanks to @IppSec and @an0nlk for giving me ideas about these scripts.

nosql-login-bypass.py

Description

This script checks for GET,POST and JSON encoded POST requests to find a possible NoSQL Auth Bypass. For every type of request it injects a "template" invalid credential and an Auth Bypass Payload. Then it compares both status code and body of the responses to find discrepancies.

Usage

usage: ./nosql-login-bypass.py [-h] [-t T] [-u U] [-p P] [-o O]
optional arguments:
  -h, --help  show this help message and exit
  -t T        Target URL
  -u U        Username parameter
  -p P        Password parameter
  -o O        Other parameters, separated by comma

Example

./nosql-login-bypass.py -t http://staging-order.mango.htb -u username -p password -o "login=login"

The result will express if the login's form is vulnerable to the attack, and in particular for which type of request.

nosql-login-enum.py

Description

This script dumps credentials from the database, character by character. To make this script work, you need to specify the vulnerable request, the response's code and a string from the response's body of an Auth Bypass correctly done.

Usage

usage: ./nosql-login-enum.py [-h] [-t T] [-u U] [-p P] [-o O] [-m M] [-c C] [-s S] [--json]
optional arguments:
  -h, --help  show this help message and exit
  -t T        Target URL
  -u U        Username parameter
  -p P        Password parameter
  -o O        Other parameters, separated by comma
  -m M        Mode: GET or POST
  -c C        Response's code for correct injection
  -s S        Response's string for correct injection
  --json      Json encoded POST request

Example

./nosql-login-enum.py -t http://10.10.11.139/login -u user -p password -m POST -c 200 -s "UHC" --json

This will dump usernames and passwords from the database.

Notes

If there is any problem, feel free to send your pull requests :)

This suite consists of two different scripts, made to automate attacks against NoSQL databases.

Related tags

Overview

NoSQL-Attack-Suite

nosql-login-bypass.py

Description

Usage

Example

nosql-login-enum.py

Description

Usage

Example

Notes

Owner

A tool to allow New World players to calculate the best place to put their Attribute Points for their build and level

Use this function to get list of routes for particular journey

NasaApod - Astronomy Picture of the Day

Multi-Probe Attention for Semantic Indexing

🎉 🎉 PyComp - Java Code compiler written in python.

Personal Finance Forecaster - An AI tool for forecasting personal expenses

The official Repository wherein newbies into Open Source can Contribute during the Hacktoberfest 2021

A simple service that allows you to run commands on the server using text

MODSKIN-LOLPRO-updater: The mod is fkn 10y old and has'nt a self-updater

SHF TEST BACKEND

Python library to interact with Move Hub / PoweredUp Hubs

Open source stenotype engine

This repository contains the code for the python introduction lab

京东自动入会获取京豆

Goddard A collection of small, simple strategies for Freqtrade

A simple hash system.

Python implementation of the Learning Time-Series Shapelets method, that learns a shapelet-based time-series classifier with gradient descent.

Encode and decode cancro lang files to and from brainfuck

this is a basic python project that I made using python

Unfinished Python library based on ndspy, for Zelda: Phantom Hourglass and Spirit Tracks.