Ecosyste.ms: Awesome

An open API service indexing awesome lists of open source software.

Awesome Lists | Featured Topics | Projects

https://github.com/philsmd/mongodb2hashcat

Extract hashes from the MongoDB database server to a hash format that hashcat accepts: -m 24100 (SCRAM-SHA-1) or -m 24200 (SCRAM-SHA-256)
https://github.com/philsmd/mongodb2hashcat

Last synced: 3 months ago
JSON representation

Extract hashes from the MongoDB database server to a hash format that hashcat accepts: -m 24100 (SCRAM-SHA-1) or -m 24200 (SCRAM-SHA-256)

Awesome Lists containing this project

README 

        
# About



The goal of this project is to make it very easy to extract hashes from the MongoDB database server to a hash format that `hashcat` accepts: -m 24100 or -m 24200



# Requirements



Software:

- MongoDB server and client must be installed (should work on any supported operating system)



# Installation and first steps



* Clone this repository:  

    `git clone https://github.com/philsmd/mongodb2hashcat.git`

* Enter the repository root folder:  

    `cd mongodb2hashcat`

* Run it:  

    `mongo --quiet admin mongodb2hashcat.js`

* Copy output to a file (or redirect output to a file (>) directly) and run it with `hashcat` using mode -m 24100 = `MongoDB ServerKey SCRAM-SHA-1` or -m 24200 = `MongoDB ServerKey SCRAM-SHA-256`



If the output of `mongodb2hashcat` starts with `$mongodb-scram$*0` then you need to use hash mode -m 24100, for `$mongodb-scram$*1` use -m 24200 instead.



Note: we always recommend the use of `--quiet` for the `mongo` client command. This avoids the mix/interference with other debug/version output of the mongo client.



# Usage and parameters



The usage is very simple:  

  `mongo --quiet admin mongodb2hashcat.js`



You can also instruct the script to only export a certain type of hash:  

  `mongo --quiet --eval 'var scramSHA256 = 0' admin mongodb2hashcat.js`  

  `mongo --quiet --eval 'var scramSHA1   = 0' admin mongodb2hashcat.js`



You can also instruct the script to load the hashes from a JSON dump file:  

  `mongo --quiet --eval 'var dumpFile = "users.json"' admin mongodb2hashcat.js`



Note: the `admin` parameter in this particular command isn't really required, because in this special case there is no need to query the admin database (the whole data is assumed to be present in the `JSON` file).



You can also instruct the script to prepend the `_id` of the user/database/table to the hash line:  

  `mongo --quiet --eval 'var withID = 1' admin mongodb2hashcat.js`



Note: if you use `withID = 1` you need to use the `--username` parameter for hashcat to load hashes with user names while cracking and show the user names when using `--show`.



You can redirect the output like this:  

  `mongo --quiet --eval 'var scramSHA256 = 0' admin mongodb2hashcat.js > m24100_hashes.txt`  

  `mongo --quiet --eval 'var scramSHA1   = 0' admin mongodb2hashcat.js > m24200_hashes.txt`



# Explanation of the hash format



If the hashes are using SCRAM-SHA-1:  

 `$mongodb-scram$*0*base64_user*iter*base64_salt*base64_digest`



SCRAM-SHA-256 hashes:  

 `$mongodb-scram$*1*base64_user*iter*base64_salt*base64_digest`



# Hacking / Missing features



* more features

* improvements and all bug fixes are very welcome



# Credits and Contributors



Credits go to:



* AverageSecurityGuy, Openwall John, hashcat project, philsmd



# License/Disclaimer



License: This software is Copyright (c) 2016 AverageSecurityGuy and it is hereby released to the general public under the following terms:

 * Redistribution and use in source and binary forms, with or without

 * modification, are permitted.



https://averagesecurityguy.github.io/2016/04/29/finding-and-exploiting-mongodb/



adapted and updated by `philsmd` for the `SCRAM-SHA-256` variant of the hashes.



Disclaimer: WE PROVIDE THE PROGRAM “AS IS” WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESSED OR IMPLIED, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE