CoCalc Logo Icon
StoreFeaturesDocsShareSupportNewsAboutSign UpSign In
rapid7

CoCalc provides the best real-time collaborative environment for Jupyter Notebooks, LaTeX documents, and SageMath, scalable from individual users to large groups and classes!

GitHub Repository: rapid7/metasploit-framework
 Path: blob/master/documentation/modules/auxiliary/scanner/couchdb/couchdb_login.md
Views: 1904

Vulnerable Application

Apache CouchDB is a nosql database server which communicates over HTTP. This module will enumerate the server and databases hosted on it.

Docker setup

  1. docker run -p 5984:5984 --env COUCHDB_USER=admin --env COUCHDB_PASSWORD=password apache/couchdb:3.3.1 After running this command you will see the server is returning errors, to resolve this we must run some cURL commands.

  2. In another window, after startup, run the following three cURL commands:

$ curl localhost:5984
{"couchdb":"Welcome","version":"2.1.1","features":["scheduler"],"vendor":{"name":"The Apache Software Foundation"}}

$ curl -X PUT http://admin:password@localhost:5984/_users
{"ok":true}

$ curl -X PUT http://admin:password@localhost:5984/_replicator
{"ok":true}

$ curl -X PUT http://admin:password@localhost:5984/_global_changes
{"ok":true}

After running these commands you should get the following response when accessing http://localhost:5984/.

{"couchdb":"Welcome","version":"3.3.1","git_sha":"1fd50b82a","uuid":"bb8a05afa55cd9407a9532d05de65736","features":["access-ready","partitioned","pluggable-storage-engines","reshard","scheduler"],"vendor":{"name":"The Apache Software Foundation"}}

Ubuntu 16.04 Setup

The following was done on Ubuntu 16.04, and is largely based on 1and1.com:

  1. sudo apt install software-properties-common

  2. sudo add-apt-repository ppa:couchdb/stable

  3. sudo apt update

  4. sudo apt install couchdb

  5. Reconfigure couchdb to listen to all interfaces. Edit /etc/couchdb/local.ini. Under [httpd] add the following line: bind_address = 0.0.0.0

  6. Restart the service: sudo service couchdb restart

  7. Create an admin user curl -X PUT http://127.0.0.1:5984/_config/admins/anna -d '"secret"'

Verification Steps

  1. Install and configure couchdb

  2. Start msfconsole

  3. Do: auxiliary/scanner/couchdb/couchdb_login

  4. Do: run

Scenarios

A run against the configuration from these docs

msf5 > use auxiliary/scanner/couchdb/couchdb_login 
msf5 auxiliary(scanner/couchdb/couchdb_login) > set rhosts 1.1.1.1
rhosts => 1.1.1.1
msf5 auxiliary(scanner/couchdb/couchdb_login) > set username anna
username => anna
msf5 auxiliary(scanner/couchdb/couchdb_login) > set password secret
password => secret
msf5 auxiliary(scanner/couchdb/couchdb_login) > run

[*] 1.1.1.1:5984 - [001/305] - Trying username:'connect' with password:'connect'
[*] 1.1.1.1:5984 - [002/305] - Trying username:'sitecom' with password:'sitecom'
[*] 1.1.1.1:5984 - [003/305] - Trying username:'admin' with password:'1234'
[*] 1.1.1.1:5984 - [004/305] - Trying username:'cisco' with password:'cisco'
[*] 1.1.1.1:5984 - [005/305] - Trying username:'cisco' with password:'sanfran'
[*] 1.1.1.1:5984 - [006/305] - Trying username:'private' with password:'private'
[*] 1.1.1.1:5984 - [007/305] - Trying username:'wampp' with password:'xampp'
[*] 1.1.1.1:5984 - [008/305] - Trying username:'newuser' with password:'wampp'
[*] 1.1.1.1:5984 - [009/305] - Trying username:'xampp-dav-unsecure' with password:'ppmax2011'
[*] 1.1.1.1:5984 - [010/305] - Trying username:'admin' with password:'turnkey'
[*] 1.1.1.1:5984 - [011/305] - Trying username:'vagrant' with password:'vagrant'
[*] 1.1.1.1:5984 - [012/305] - Trying username:'anna' with password:'secret'
[+] 1.1.1.1:5984 - Successful login with. 'anna' : 'secret'
[*] 1.1.1.1:5984 - [013/305] - Trying username:'admin' with password:'secret'
...snip...