# TCP 27017: MongoDB

> MongoDB is a source-available cross-platform document-oriented database program. Classified as a NoSQL database program, MongoDB uses JSON-like documents with optional schemas. MongoDB is developed by MongoDB Inc. and licensed under the Server Side Public License.
>
> \-- [*Wikipedia*](https://en.wikipedia.org/wiki/MongoDB)

## Terms

* Collections are like tables
* Documents are like rows
* Fields are like columns

## Common operators

* `$eq`
* `$ne`
* `$gt`
* `$where`
* `$exists`
* `$regex`

## Basic commands

Show databases

```bash
show databases
```

Select database

```bash
use <database>
```

Create database (MongoDB creates it implicitly on the first write)

```bash
use <database>
```

Create collection

```bash
db.createCollection("<collection>")
```

Show collections

```bash
db.getCollectionNames()
```

Create document

```bash
db.<collection>.insert(<json>)
```

Query collection

```bash
db.<collection>.find()
```

Update document

```bash
db.<collection>.update(<where-json>, { $set: <update-json> })
```

Delete document

```bash
db.<collection>.remove(<where-json>)
```

## NoSQL injection

### Via JSON

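If the application passes the JSON request body straight into the query filter, an operator object such as `{ "$ne": "whatever" }` sent as the password matches any stored password that differs from that value, which bypasses the login logic.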

### Via requests

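Inject `$ne` in a GET param, e.g. `?username[$ne]=name`: a query-string parser that expands brackets into objects turns this into `{ "username": { "$ne": "name" } }`, which inverts the logic.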
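Both cases above come down to a client-supplied object being interpreted as a query operator. The following is an added example, not part of the original cheat sheet: a vulnerable login filter beside a hardened one. The `users` data, the `matches`/`findOne` stand-in for MongoDB's filter matching (only `$eq` and `$ne` are emulated) and the function names are assumptions made so the block runs offline.

```javascript
// Added example: constructed data and a minimal stand-in for MongoDB filter matching.
// Only $eq and $ne are emulated; a real application would call collection.findOne(filter).
const users = [{ username: "admin", password: "s3cret-constructed" }];

function matches(doc, filter) {
  return Object.entries(filter).every(([field, cond]) => {
    if (cond !== null && typeof cond === "object") {
      // Operator object, e.g. { $ne: "x" }
      return Object.entries(cond).every(([op, val]) => {
        if (op === "$ne") return doc[field] !== val;
        if (op === "$eq") return doc[field] === val;
        throw new Error("operator not emulated: " + op);
      });
    }
    return doc[field] === cond; // plain value means equality
  });
}

const findOne = (filter) => users.find((u) => matches(u, filter)) || null;

// Vulnerable: request values go into the filter untouched, so an object
// supplied by the client is interpreted as a query operator.
function loginVulnerable(body) {
  return findOne({ username: body.username, password: body.password }) !== null;
}

// Hardened: accept only strings, and wrap them in $eq so they are always data.
function loginHardened(body) {
  const { username, password } = body;
  if (typeof username !== "string" || typeof password !== "string") return false;
  return findOne({ username: { $eq: username }, password: { $eq: password } }) !== null;
}

// Constructed inputs: a JSON body, and the object a bracket-expanding
// query-string parser produces for ?username[$ne]=name&password[$ne]=x
const jsonBody = { username: "admin", password: { $ne: "whatever" } };
const parsedQuery = { username: { $ne: "name" }, password: { $ne: "x" } };

console.log("vulnerable:", loginVulnerable(jsonBody), loginVulnerable(parsedQuery));
console.log("hardened:  ", loginHardened(jsonBody), loginHardened(parsedQuery));
```

Rejecting non-string values at the request boundary (or validating the body against a schema) closes both the JSON and the query-string variant, since each relies on the value arriving as an object.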

