GitBook: [master] one page and one asset modified

This commit is contained in:
CPol 2020-09-16 10:00:23 +00:00 committed by gitbook-bot
parent d20837a098
commit df5eb16d80
No known key found for this signature in database
GPG key ID: 07D2180C7B12D0FF
2 changed files with 17 additions and 0 deletions

Binary file not shown.

After

Width:  |  Height:  |  Size: 6.2 KiB

View file

@ -79,6 +79,23 @@ grep "noauth.*true" /opt/bitnami/mongodb/mongodb.conf | grep -v "^#" #Not needed
grep "auth.*true" /opt/bitnami/mongodb/mongodb.conf | grep -v "^#\|noauth" #Not needed grep "auth.*true" /opt/bitnami/mongodb/mongodb.conf | grep -v "^#\|noauth" #Not needed
``` ```
## Mongo Objectid Predict
Mongo Object IDs are **12-byte hexadecimal** strings:
![](../.gitbook/assets/id-and-objectids-in-mongodb.png)
For example, heres how we can dissect an actual Object ID returned by an application: 5f2459ac9fa6dc2500314019
1. 5f2459ac: 1596217772 in decimal = Friday, 31 July 2020 17:49:32
2. 9fa6dc: Machine Identifier
3. 2500: Process ID
4. 314019: An incremental counter
Of the above elements, machine identifier will remain the same for as long as the database is running the same physical/virtual machine. Process ID will only change if the MongoDB process is restarted. Timestamp will be updated every second. The only challenge in guessing Object IDs by simply incrementing the counter and timestamp values, is the fact that Mongo DB generates Object IDs and assigns Object IDs at a system level.
The tool [https://github.com/andresriancho/mongo-objectid-predict](https://github.com/andresriancho/mongo-objectid-predict), given a starting Object ID \(you can create an account and get a starting ID\), it sends back about 1000 probable Object IDs that could have possibly been assigned to the next objects, so you just need to bruteforce them.
## Post ## Post
If you are root you can **modify** the **mongodb.conf** file so no credentials are needed \(_noauth = true_\) and **login without credentials**. If you are root you can **modify** the **mongodb.conf** file so no credentials are needed \(_noauth = true_\) and **login without credentials**.