Holly Evergreen - Mongo Pilfer#

Holly Evergreen

Objective: Recover Cleartext Document

Request#

Hey! It's me, Holly Evergreen! My teacher has been locked out of the quiz database and can't remember the right solution.
Without access to the answer, none of our quizzes will get graded.
Can we help get back in to find that solution?
I tried lsof -i, but that tool doesn't seem to be installed.
I think there's a tool like ps that'll help too. What are the flags I need?
Either way, you'll need to know a teensy bit of Mongo once you're in.
Pretty please find us the solution to the quiz!

Video#

Resources#

Solution#

First determine the port that MongoDB is listening on by executing ps ax.

Processes

Next, connect to MongoDB using mongo 127.0.0.1:12121 --quiet and list all databases with show databases.

Show Databases

Open the 'elfu' database with use elfu and show the available collections by issuing the command show collections. The 'solution' collection seems a likely candidate to contain quiz answers. Use db.solution.find() to list its documents.

Show Collections

Now run db.loadServerScripts();displaySolution(); as instructed.

Run Command

Answer#

See solution.

Hint#

Woohoo! Fantabulous! I'll be the coolest elf in class.
On a completely unrelated note, digital rights management can bring a hacking elf down.
That ElfScrow one can really be a hassle.
It's a good thing Ron Bowes is giving a talk on reverse engineering!
That guy knows how to rip a thing apart. It's like he breathes opcodes!