From fc5e6570ef33248a21bf5d98c9d28e7177e30605 Mon Sep 17 00:00:00 2001
From: Matthew Iverson
Date: Sun, 24 Nov 2024 11:07:59 -0500
Subject: [PATCH] Upload files to "TTPs"
---
TTPs/menu.py | 24 ++++++++++++++++++++++
TTPs/mongodb.py | 53 +++++++++++++++++++++++++++++++++++++++++++++++++
2 files changed, 77 insertions(+)
create mode 100644 TTPs/menu.py
create mode 100644 TTPs/mongodb.py
diff --git a/TTPs/menu.py b/TTPs/menu.py
new file mode 100644
index 0000000..a86fa07
--- /dev/null
+++ b/TTPs/menu.py
@@ -0,0 +1,24 @@
+from Modules.Imports.all_imports import *
+
+# Global variable to store open ports
+OPEN_PORTS = []
+
+MENU_OPTIONS = {
+ "1": {"name": "http", "ports": ["80", "443"], "submenu": http_submenu},
+ "2": {"name": "ssh", "ports": ["22"], "submenu": ssh_submenu},
+ "3": {"name": "rpc/smb", "ports": ["135", "445"], "submenu": rpc_smb_submenu},
+ "4": {"name": "ftp", "ports": ["21"], "submenu": ftp_submenu},
+ "5": {"name": "telnet", "ports": ["23"], "submenu": telnet_submenu},
+ "6": {"name": "dns", "ports": ["53"], "submenu": dns_submenu},
+ "7": {"name": "finger", "ports": ["79"], "submenu": finger_submenu},
+ "8": {"name": "kerberos", "ports": ["88"], "submenu": kerberos_submenu},
+ "9": {"name": "pop3", "ports": ["110"], "submenu": pop3_submenu},
+ "10": {"name": "snmp", "ports": ["161"], "submenu": snmp_submenu},
+ "11": {"name": "ldap", "ports": ["389"], "submenu": ldap_submenu},
+ "12": {"name": "mssql", "ports": ["1433"], "submenu": mssql_submenu},
+ "13": {"name": "oracle", "ports": ["1521"], "submenu": oracle_submenu},
+ "14": {"name": "mysql", "ports": ["3306"], "submenu": mysql_submenu},
+ "15": {"name": "docker", "ports": ["5000"], "submenu": docker_submenu},
+ "16": {"name": "winrm", "ports": ["5985", "5986"], "submenu": winrm_submenu},
+ "17": {"name": "mongodb", "ports": ["27017"], "submenu": mongodb_submenu},
+}
\ No newline at end of file
diff --git a/TTPs/mongodb.py b/TTPs/mongodb.py
new file mode 100644
index 0000000..79080b8
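Review bot: All seventeen `submenu` values in `MENU_OPTIONS` in TTPs/menu.py are resolved only through `from Modules.Imports.all_imports import *`, so a renamed or missing handler surfaces as a `NameError` when this module is imported, and neither a reader nor a linter can tell where a name comes from. Import the handlers by name, or at minimum add a comment above the table such as `# submenu callables are re-exported by Modules.Imports.all_imports`. `OPEN_PORTS = []` is a mutable module-level list with no visible writer; a comment stating who fills it and in what form (the table itself uses port strings such as `"80"`) would make the contract clear.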
--- /dev/null
+++ b/TTPs/mongodb.py
@@ -0,0 +1,53 @@
+from Modules.Imports.protocol_imports import *
+
+def mongodb_submenu(target_ip, open_ports):
+ actions = {
+ "1": {"description": "Check for Open MongoDB Instances", "function": check_open_instances},
+ "2": {"description": "List Databases", "function": list_databases},
+ "3": {"description": "Dump Collections", "function": dump_collections},
+ "4": {"description": "Check for Authentication Bypass", "function": check_authentication_bypass},
+ "5": {"description": "Test for MongoDB RCE Exploit", "function": test_rce_exploit},
+ }
+ build_submenu("MongoDB Enumeration", target_ip, actions, open_ports)
+
+def check_open_instances(target_ip, open_ports):
+ title = "Check for Open MongoDB Instances"
+ content = f"nmap -p 27017 --script mongodb-info {target_ip}"
+ run_command(title, content, target_ip, open_ports)
+
+def list_databases(target_ip, open_ports):
+ title = "List MongoDB Databases"
+ content = (
+ f"Use `mongo` CLI:\n\n"
+ f"1. Connect: mongo {target_ip}:27017\n"
+ f"2. Run: show dbs"
+ )
+ run_command(title, content, target_ip, open_ports)
+
+def dump_collections(target_ip, open_ports):
+ title = "Dump Collections from MongoDB"
+ content = (
+ f"Use `mongoexport`:\n\n"
+ f"mongoexport --host {target_ip} --db --collection --out "
+ )
+ run_command(title, content, target_ip, open_ports)
+
+def check_authentication_bypass(target_ip, open_ports):
+ title = "Check for Authentication Bypass"
+ content = (
+ f"Attempt to access the database without credentials:\n\n"
+ f"mongo {target_ip}:27017 --eval \"db.stats()\""
+ )
+ run_command(title, content, target_ip, open_ports)
+
+def test_rce_exploit(target_ip, open_ports):
+ title = "Test for MongoDB RCE Exploit"
+ content = (
+ f"Use Metasploit or other tools to test RCE vulnerabilities:\n\n"
+ f"msfconsole -q\n"
+ f"search mongodb\n"
+ f"use exploit/linux/misc/mongodb_target_rce\n"
+ f"set RHOSTS {target_ip}\n"
+ f"run"
+ )
+ run_command(title, content, target_ip, open_ports)
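Review bot: `target_ip` is formatted straight into every string handed to `run_command`, starting with `content = f"nmap -p 27017 --script mongodb-info {target_ip}"` in `check_open_instances`, and nothing in this file checks that it is an address. `run_command` is not visible in this patch; if it hands `content` to a shell, metacharacters in the value would execute on the operator's own host, so validate once at the top of `mongodb_submenu`, e.g. `ipaddress.ip_address(target_ip)`, which raises `ValueError` for anything that is not an IP literal. The `content` values in `list_databases` and `dump_collections` also open with prose lead-in lines containing backticks, which a shell would treat as command substitution, so display-only text should be kept apart from runnable commands. As shown here the `mongoexport` line carries `--db --collection --out` with no values, and 27017 is hard-coded in each command although `open_ports` is passed in.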