search

codingo / NoSQLMap

Automated NoSQL database enumeration and web application exploitation tool.
GNU General Public License v3.0
2.82k stars 576 forks source link

Error when executing NoSQL DB Access Attacks #122

Closed tXambe closed 2 years ago

tXambe commented 3 years ago

What's the problem (or question)?

After of configure options when I run NoSQL DB Access Attacks, I have this error

1-Set options
2-NoSQL DB Access Attacks
3-NoSQL Web App attacks
4-Scan for Anonymous MongoDB Access
5-Change Platform (Current: MongoDB)
x-Exit
Select an option: 2
DB Access attacks (MongoDB)
=================
Checking to see if credentials are needed...
Traceback (most recent call last):
  File "nosqlmap.py", line 544, in <module>
    main(args)
  File "nosqlmap.py", line 47, in main
    mainMenu()
  File "nosqlmap.py", line 86, in mainMenu
    nsmmongo.netAttacks(victim, dbPort, myIP, myPort)
  File "/opt/No-SQL/NoSQLMap/nsmmongo.py", line 36, in netAttacks
    needCreds = mongoScan(target,dbPort,False)
  File "/opt/No-SQL/NoSQLMap/nsmmongo.py", line 404, in mongoScan
    dbList = conn.database_names()
  File "/usr/local/lib/python2.7/dist-packages/pymongo/mongo_client.py", line 1936, in database_names
    return self.list_database_names(session)
  File "/usr/local/lib/python2.7/dist-packages/pymongo/mongo_client.py", line 1918, in list_database_names
    for doc in self.list_databases(session, nameOnly=True)]
  File "/usr/local/lib/python2.7/dist-packages/pymongo/mongo_client.py", line 1899, in list_databases
    res = admin._retryable_read_command(cmd, session=session)
  File "/usr/local/lib/python2.7/dist-packages/pymongo/database.py", line 756, in _retryable_read_command
    _cmd, read_preference, session)
  File "/usr/local/lib/python2.7/dist-packages/pymongo/mongo_client.py", line 1471, in _retryable_read
    return func(session, server, sock_info, slave_ok)
  File "/usr/local/lib/python2.7/dist-packages/pymongo/database.py", line 753, in _cmd
    codec_options, session=session, **kwargs)
  File "/usr/local/lib/python2.7/dist-packages/pymongo/database.py", line 637, in _command
    client=self.__client)
  File "/usr/local/lib/python2.7/dist-packages/pymongo/pool.py", line 694, in command
    exhaust_allowed=exhaust_allowed)
  File "/usr/local/lib/python2.7/dist-packages/pymongo/network.py", line 161, in command
    parse_write_concern_error=parse_write_concern_error)
  File "/usr/local/lib/python2.7/dist-packages/pymongo/helpers.py", line 160, in _check_command_response
    raise OperationFailure(errmsg, code, response, max_wire_version)
pymongo.errors.OperationFailure: command listDatabases requires authentication, full error: {u'code': 13, u'ok': 0.0, u'$clusterTime': {u'clusterTime': Timestamp(1626337136, 26), u'signature': {u'keyId': 6934662609962532882L, u'hash': Binary('M\x0c\x81\x08\xa0\xaa\x0f\xe0\xdb\x9c$\xa4\xe5\xa2\xf0\xa3\xaf1\x9f\x97', 0)}}, u'codeName': u'Unauthorized', u'operationTime': Timestamp(1626337136, 26), u'errmsg': u'command listDatabases requires authentication'}

Do you have an idea for a solution?

Not

How can we reproduce the issue?

Execute NoSQL DB Access Attacks

What are the running context details?

A greeting and thanks

github-actions[bot] commented 2 years ago

Stale issue message