AWS - DocumentDB Enum

Reading time: 2 minutes

tip

Learn & practice AWS Hacking:HackTricks Training AWS Red Team Expert (ARTE)
Learn & practice GCP Hacking: HackTricks Training GCP Red Team Expert (GRTE)

Support HackTricks

DocumentDB

Amazon DocumentDB, offering compatibility with MongoDB, is presented as a fast, reliable, and fully managed database service. Designed for simplicity in deployment, operation, and scalability, it allows the seamless migration and operation of MongoDB-compatible databases in the cloud. Users can leverage this service to execute their existing application code and utilize familiar drivers and tools, ensuring a smooth transition and operation akin to working with MongoDB.

Enumeration

bash
aws docdb describe-db-clusters # Get username from "MasterUsername", get also the endpoint from "Endpoint"
aws docdb describe-db-instances #Get hostnames from here

# Parameter groups
aws docdb describe-db-cluster-parameter-groups
aws docdb describe-db-cluster-parameters --db-cluster-parameter-group-name <param_group_name>

# Snapshots
aws docdb describe-db-cluster-snapshots
aws --region us-east-1 --profile ad docdb describe-db-cluster-snapshot-attributes --db-cluster-snapshot-identifier <snap_id>

NoSQL Injection

As DocumentDB is a MongoDB compatible database, you can imagine it's also vulnerable to common NoSQL injection attacks:

NoSQL injection - HackTricks

DocumentDB

AWS - DocumentDB Unauthenticated Enum

References

tip

Learn & practice AWS Hacking:HackTricks Training AWS Red Team Expert (ARTE)
Learn & practice GCP Hacking: HackTricks Training GCP Red Team Expert (GRTE)

Support HackTricks