Tuesday, August 25, 2020

The Pillager 0.7 Release

I spent the last couple days recoding the Pillager, getting rid of bugs, optimizing code, making it more extendable and more solid overall. So this post is to release the new code.  However, with that being said, the Pillager is in mass revision right now and I added some more developers to the team to add a whole host of new database attacking features as well as moving past databases and into other areas of post exploitation pillaging. Soon to be released..  As usual this tool and any tool i create is based on my issues when performing penetration tests and solves those problems.. If you have any insight or comments i will certainly take them into consideration for future releases.

For now check out Version 0.7.. Named searches and Data searches via external config files are now functioning properly as well as other bugs fixed along the way... Drop this in a BT5 VM and make sure you have your DB python stuff installed per the help docs and you should be good to go.  If you are looking to use oracle you are going to have to install all the oracle nonsense from oracle or use a BT4r2 vm which has most of the needed drivers minus cxoracle which will need to be installed.

http://consolecowboys.org/pillager/pillage_0.7.zip



Ficti0n$ python pillager.py
 
[---] The Database Pillager (DBPillage) [---]
[---] CcLabs Release [---]
[---] Authors: Ficti0n, [---]
[---] Contributors: Steponequit [---]
[---] Version: 0.7 [---]
[---] Find Me On Twitter: ficti0n [---]
[---] Homepage: http://console-cowboys.blogspot.com [---]

Release Notes:
 --Fixed bugs and optimized code
 --Added Docstrings
 --Fixed Named and Data searches from config files                 

About:
The Database Pillager is a multiplatform database tool for searching and browsing common
database platforms encountered while penetration testing. DBPillage can be used to search
for PCI/HIPAA data automatically or use DBPillage to browse databases,display data.
and search for specified tables/data instances.
DBpillage was designed as a post exploitation pillaging tool with a goal of targeted
extraction of data without the use of database platform specific GUI based tools that
are difficult to use and make my job harder.

Supported Platforms:
        --------------------
-Oracle
-MSSQL
-MYSQL
        -PostGreSQL
     

        Usage Examples:
        ************************************************************************
        
        For Mysql Postgres and MsSQL pillaging:
        ---------------------------------------
        python dbPillage -a [address] -d [dbType] -u [username] -p [password]
        
        
        For Oracle pillaging you need a SID connection string:
        ------------------------------------------------------
        python dbPillage-a [address]/[sid] -d [dbType] -u [username] -p [password]
        

        Grab some hashes and Hipaa specific:(Default is PCI)
        ------------------------------------
        python dbPillage -a [address] -d [dbType] -u [username] -p [password] --hashes -s hipaa


Drop into a SQL CMDShell:
-------------------------
        python dbpillage.py -a [address] -d [dbType] -u [username] -p [password] -q

Config file specified searches:
-------------------------------
Search for data Items from inputFiles/data.txt:
        python dbpillage.py -a [address] -d [dbType] -u [username] -p [password] -D

Search for specific table names from inputFiles/tables.txt:
python dbpillage.py -a [address] -d [dbType] -u [username] -p [password] -N

     
     
        Switch Options:
        ---------------------
        -# --hashes = grab database password hashes
        -l --limit  = limit the amount of rows that are searched or when displaying data (options = any number)
        -s --searchType = Type of data search you want to perform (options:pci, hipaa, all)(PCI default)
        -u --user = Database servers username
        -p --pass = Password for the database server
        -a --address = Ipaddress of the database server
        -d --database = The database type you are pillageing (options: mssql,mysql,oracle,postgres)
        -r --report = report format (HTML, XML, screen(default))
        -N --nameSearch = Search via inputFiles/tables.txt
        -D --dataSearch = Targeted data searches per inputFiles/data.txt
-q --queryShell = Drop into a SQL CMDshell in mysql or mssql
     
     
        Prerequisites:
        -------------
        python v2  (Tested on Python 2.5.2 BT4 R2 and BT5 R3 - Oracle stuff on BT4r2 only unless you install the drivers from oracle)
        cx_oracle (cx-oracle.sourceforge.net)
        psycopg2  (initd.org/psycopg/download/)
        MySQLdb   (should be on BT by default)
        pymssql   (should be on BT by default)
     

Related news

  1. What Are Hacking Tools
  2. Hacker Tools Mac
  3. Top Pentest Tools
  4. Hacking Tools Usb
  5. Hacker Search Tools
  6. Pentest Tools Url Fuzzer
  7. Pentest Tools For Windows
  8. Pentest Tools For Android
  9. Hacker Tools Mac
  10. Hacking Apps
  11. Pentest Tools For Windows
  12. Termux Hacking Tools 2019
  13. Hack Apps
  14. Hackrf Tools
  15. Pentest Tools Download
  16. Github Hacking Tools
  17. Best Hacking Tools 2020
  18. Hacker Tools Free Download
  19. Pentest Tools Find Subdomains
  20. Hackers Toolbox
  21. Tools Used For Hacking
  22. Hacker
  23. Top Pentest Tools
  24. Hacking Tools Software
  25. Hacker Tools
  26. Hacker Tools For Mac
  27. Easy Hack Tools
  28. World No 1 Hacker Software
  29. Pentest Tools Review
  30. How To Make Hacking Tools
  31. Blackhat Hacker Tools
  32. Hacker Tools Free Download
  33. Hacking Tools Name
  34. Pentest Tools Nmap
  35. Hack Tools For Mac
  36. Hacker Search Tools
  37. Pentest Tools Windows
  38. Hacker Tools For Mac
  39. Hack Tools
  40. Hacking Tools Mac
  41. Hacking Tools Usb
  42. Pentest Reporting Tools
  43. Hacking Tools Free Download
  44. Hacker Tools For Ios
  45. Hackrf Tools
  46. Hacker Tool Kit
  47. Pentest Tools Tcp Port Scanner
  48. Pentest Tools Free
  49. Pentest Tools Bluekeep
  50. Game Hacking
  51. Hacking Tools
  52. Hacker Tools For Ios
  53. Hacking Tools For Windows
  54. Pentest Tools Nmap
  55. Hack Tools
  56. Hacking Tools For Mac
  57. Pentest Tools For Ubuntu
  58. Ethical Hacker Tools
  59. Hack And Tools
  60. Hacking Tools Free Download
  61. Hacker Tools Apk Download
  62. Hacker Tools List
  63. Easy Hack Tools
  64. Usb Pentest Tools
  65. Pentest Tools Free
  66. Growth Hacker Tools
  67. Hacking Tools Windows 10
  68. Hack Rom Tools
  69. Pentest Tools Alternative
  70. Hacker Tools Online
  71. Hacker Tools List
  72. Hack And Tools
  73. Hacker Tool Kit
  74. Hacker Security Tools
  75. Pentest Automation Tools
  76. Hacking Tools For Pc
  77. Best Pentesting Tools 2018
  78. Hacking Tools Download
  79. Best Hacking Tools 2019
  80. Game Hacking
  81. Hacking Tools Usb
  82. Pentest Box Tools Download
  83. Pentest Tools Bluekeep
  84. Hacking Tools For Beginners
  85. Nsa Hack Tools Download
  86. Pentest Tools Review
  87. Tools For Hacker
  88. Hacking Tools Mac
  89. Hacker Hardware Tools
  90. Hacker Tools List
  91. Pentest Tools For Android
  92. Hackrf Tools
  93. Pentest Tools Windows
  94. Hacking Tools For Mac
  95. Pentest Tools For Windows
  96. Free Pentest Tools For Windows
  97. Hacker Tools Online
  98. Pentest Tools Free
  99. Hacking App
  100. Pentest Tools Tcp Port Scanner
  101. Hack Tools For Windows
  102. Hacking Tools For Pc
Posted by at

No comments:

Post a Comment

Subscribe to: Post Comments (Atom)