Mongo is Happy!

Going Further: An Unauthenticated MongoDB Honeypot

After taking 41 minutes to get a working MongoDB interface, it seemed even more rewarding to emulate what attackers most often find in the wild: a MongoDB instance that simply isn’t secured.

The MongoDB.py module now allows unauthenticated connections to actually do things. Like dropping databases, deleting collections, and leaving ransom notes.

Claude and I built the core in 27 minutes. Another 10 minutes of test–fix cycles later, the test script behaved exactly as expected.

Roughly 37 minutes of “effort” later, we had an authentic-looking MongoDB instance—open, obliging, and catastrophically insecure.

The result is a happy, smiley Mongo—right up until the attacker leaves their calling card:

MONGO WUZ HERE. ALL UR DATA R BELONG TO US. POOF!
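A sketch of the behaviour described above, added here as an example and not taken from the MongoDB.py module this post describes: an in-memory store that accepts destructive commands without authentication, records every command per peer, and flags peers that drop data and then write something back. `FakeMongo`, `handle()`, `ransom_suspects()` and the seed data are hypothetical names, and the code assumes command documents have already been decoded from the wire protocol.

```python
# Added illustration: in-memory handling of decoded MongoDB command documents.
# FakeMongo, handle() and the seed data are hypothetical, not from MongoDB.py.
import time

class FakeMongo:
    """Emulates an open MongoDB: no auth check, state kept per honeypot instance."""

    def __init__(self, seed):
        # seed: {db_name: {collection_name: [documents]}} (constructed bait data)
        self.dbs = {db: {c: list(docs) for c, docs in colls.items()}
                    for db, colls in seed.items()}
        self.events = []  # every command each client sent, for later analysis

    def handle(self, peer, cmd):
        """cmd is a command document already decoded from the wire (assumed)."""
        name = next(iter(cmd))          # the first key is the command name
        db = cmd.get("$db", "admin")
        self.events.append({"ts": time.time(), "peer": peer, "cmd": name,
                            "db": db, "target": cmd[name]})
        if name == "listDatabases":
            return {"databases": [{"name": d, "empty": not c}
                                  for d, c in self.dbs.items()], "ok": 1.0}
        if name == "dropDatabase":
            self.dbs.pop(db, None)      # succeeds whether or not the db exists
            return {"dropped": db, "ok": 1.0}
        if name == "drop":
            if cmd["drop"] not in self.dbs.get(db, {}):
                return {"ok": 0.0, "errmsg": "ns not found", "code": 26}
            del self.dbs[db][cmd["drop"]]
            return {"ns": f"{db}.{cmd['drop']}", "ok": 1.0}
        if name == "insert":
            docs = cmd.get("documents", [])
            self.dbs.setdefault(db, {}).setdefault(cmd["insert"], []).extend(docs)
            return {"n": len(docs), "ok": 1.0}
        return {"ok": 0.0, "errmsg": f"no such command: '{name}'", "code": 59}

    def ransom_suspects(self):
        """Peers that destroyed data and afterwards inserted documents."""
        dropped, suspects = set(), []
        for e in self.events:
            if e["cmd"] in ("drop", "dropDatabase"):
                dropped.add(e["peer"])
            elif (e["cmd"] == "insert" and e["peer"] in dropped
                  and e["peer"] not in suspects):
                suspects.append(e["peer"])
        return suspects
```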