The Pillager 0.7 Release

I spent the last couple days recoding the Pillager, getting rid of bugs, optimizing code, making it more extendable and more solid overall. So this post is to release the new code.  However, with that being said, the Pillager is in mass revision right now and I added some more developers to the team to add a whole host of new database attacking features as well as moving past databases and into other areas of post exploitation pillaging. Soon to be released..  As usual this tool and any tool i create is based on my issues when performing penetration tests and solves those problems.. If you have any insight or comments i will certainly take them into consideration for future releases.

For now check out Version 0.7.. Named searches and Data searches via external config files are now functioning properly as well as other bugs fixed along the way... Drop this in a BT5 VM and make sure you have your DB python stuff installed per the help docs and you should be good to go.  If you are looking to use oracle you are going to have to install all the oracle nonsense from oracle or use a BT4r2 vm which has most of the needed drivers minus cxoracle which will need to be installed.

http://consolecowboys.org/pillager/pillage_0.7.zip



Ficti0n$ python pillager.py
 
[---] The Database Pillager (DBPillage) [---]
[---] CcLabs Release [---]
[---] Authors: Ficti0n, [---]
[---] Contributors: Steponequit [---]
[---] Version: 0.7 [---]
[---] Find Me On Twitter: ficti0n [---]
[---] Homepage: http://console-cowboys.blogspot.com [---]

Release Notes:
 --Fixed bugs and optimized code
 --Added Docstrings
 --Fixed Named and Data searches from config files                 

About:
The Database Pillager is a multiplatform database tool for searching and browsing common
database platforms encountered while penetration testing. DBPillage can be used to search
for PCI/HIPAA data automatically or use DBPillage to browse databases,display data.
and search for specified tables/data instances.
DBpillage was designed as a post exploitation pillaging tool with a goal of targeted
extraction of data without the use of database platform specific GUI based tools that
are difficult to use and make my job harder.

Supported Platforms:
        --------------------
-Oracle
-MSSQL
-MYSQL
        -PostGreSQL
     

        Usage Examples:
        ************************************************************************
        
        For Mysql Postgres and MsSQL pillaging:
        ---------------------------------------
        python dbPillage -a [address] -d [dbType] -u [username] -p [password]
        
        
        For Oracle pillaging you need a SID connection string:
        ------------------------------------------------------
        python dbPillage-a [address]/[sid] -d [dbType] -u [username] -p [password]
        

        Grab some hashes and Hipaa specific:(Default is PCI)
        ------------------------------------
        python dbPillage -a [address] -d [dbType] -u [username] -p [password] --hashes -s hipaa


Drop into a SQL CMDShell:
-------------------------
        python dbpillage.py -a [address] -d [dbType] -u [username] -p [password] -q

Config file specified searches:
-------------------------------
Search for data Items from inputFiles/data.txt:
        python dbpillage.py -a [address] -d [dbType] -u [username] -p [password] -D

Search for specific table names from inputFiles/tables.txt:
python dbpillage.py -a [address] -d [dbType] -u [username] -p [password] -N

     
     
        Switch Options:
        ---------------------
        -# --hashes = grab database password hashes
        -l --limit  = limit the amount of rows that are searched or when displaying data (options = any number)
        -s --searchType = Type of data search you want to perform (options:pci, hipaa, all)(PCI default)
        -u --user = Database servers username
        -p --pass = Password for the database server
        -a --address = Ipaddress of the database server
        -d --database = The database type you are pillageing (options: mssql,mysql,oracle,postgres)
        -r --report = report format (HTML, XML, screen(default))
        -N --nameSearch = Search via inputFiles/tables.txt
        -D --dataSearch = Targeted data searches per inputFiles/data.txt
-q --queryShell = Drop into a SQL CMDshell in mysql or mssql
     
     
        Prerequisites:
        -------------
        python v2  (Tested on Python 2.5.2 BT4 R2 and BT5 R3 - Oracle stuff on BT4r2 only unless you install the drivers from oracle)
        cx_oracle (cx-oracle.sourceforge.net)
        psycopg2  (initd.org/psycopg/download/)
        MySQLdb   (should be on BT by default)
        pymssql   (should be on BT by default)
     

Related posts


  1. Hacking Tools Software
  2. Blackhat Hacker Tools
  3. Pentest Tools Bluekeep
  4. What Are Hacking Tools
  5. Hacking Tools For Windows
  6. Black Hat Hacker Tools
  7. Pentest Tools Subdomain
  8. Hacker Tools For Mac
  9. Pentest Tools Open Source
  10. Hacking Tools Windows
  11. Hack Tools Online
  12. What Is Hacking Tools
  13. Hacker Tools Online
  14. Kik Hack Tools
  15. Hack Website Online Tool
  16. Best Hacking Tools 2019
  17. Pentest Tools Find Subdomains
  18. Hacker
  19. Best Hacking Tools 2020
  20. Hack Tools For Windows
  21. Hack Tool Apk
  22. Black Hat Hacker Tools
  23. New Hacker Tools
  24. Android Hack Tools Github
  25. Nsa Hacker Tools
  26. Best Hacking Tools 2020
  27. Hack Tools Download
  28. Physical Pentest Tools
  29. Pentest Tools Nmap
  30. Hacking Tools And Software
  31. Hacking Tools Mac
  32. Black Hat Hacker Tools
  33. Hacking Tools For Kali Linux
  34. Pentest Tools Github
  35. Pentest Tools Review
  36. Hacking Tools For Windows 7
  37. Hacker Tool Kit
  38. Hackrf Tools
  39. Pentest Tools Alternative
  40. Pentest Tools Website
  41. How To Hack
  42. Easy Hack Tools
  43. Hack And Tools
  44. Best Pentesting Tools 2018
  45. Hacker Tools Hardware
  46. How To Install Pentest Tools In Ubuntu
  47. Hacking Tools Mac
  48. Nsa Hack Tools
  49. Pentest Tools Framework
  50. Tools For Hacker
  51. Pentest Tools Bluekeep
  52. Hacking Tools Github
  53. Usb Pentest Tools
  54. New Hack Tools
  55. Hack Tools Github
  56. Hacker Tools For Ios
  57. Hacking Tools For Games
  58. Pentest Tools List
  59. Pentest Tools Open Source
  60. Hacker Techniques Tools And Incident Handling
  61. Hacking Tools 2020
  62. Pentest Tools Website Vulnerability
  63. Hacking Tools Mac
  64. Growth Hacker Tools
  65. Hacker
  66. Hack Tools Online
  67. Hacker Tools Github
  68. Hacking Tools
  69. Hacking Tools For Beginners
  70. Hacker Tools Free
  71. Hack Tools For Mac
  72. Hacker Tools 2020
  73. Hacker Security Tools
  74. Free Pentest Tools For Windows
  75. Hacking Tools Github
  76. Hack Tools Download
  77. Blackhat Hacker Tools
  78. Hacker Tools For Windows
  79. Hack Tool Apk
  80. Hacker Tool Kit
  81. Hacker Security Tools
  82. Physical Pentest Tools
  83. Hacking Tools Windows 10
  84. What Is Hacking Tools
  85. Tools For Hacker
  86. How To Install Pentest Tools In Ubuntu
  87. Best Hacking Tools 2020
  88. What Are Hacking Tools
  89. Pentest Tools For Android
  90. New Hacker Tools
  91. Hacker Hardware Tools
  92. Hack Tool Apk No Root
  93. Hacking Tools 2019
  94. Hack Tools Mac
  95. Hacking Tools Hardware
  96. Pentest Recon Tools
  97. Game Hacking
  98. Hack Tool Apk
  99. Best Pentesting Tools 2018
  100. Hacking Tools Windows
  101. Hacking App
  102. Best Hacking Tools 2019
  103. Pentest Tools For Android
  104. How To Hack
  105. Hacking Tools Windows 10
  106. Hack Tools
  107. How To Hack
  108. Hacker Tools Linux
  109. Hack Tools For Windows
  110. Pentest Tools For Mac
  111. Best Pentesting Tools 2018
  112. Hacking Tools Download
  113. Android Hack Tools Github
  114. Hacking Apps
  115. Pentest Tools Framework
  116. Pentest Tools Android
  117. Hacker Tools For Ios
  118. Hack Tools Pc
  119. Pentest Tools Kali Linux
  120. Hack Rom Tools
  121. Hacking Tools 2019
  122. Pentest Tools Review
  123. Hack Tools Pc
  124. Pentest Tools Online
  125. Hacks And Tools
  126. Hack Tools Github
  127. Physical Pentest Tools
  128. Hack App
  129. Hacker Tools Github
  130. Hacking Tools And Software
  131. Hacking Tools For Windows
  132. How To Hack
  133. Hacking Tools For Beginners
  134. Pentest Tools For Windows
  135. Top Pentest Tools
  136. Hacker
  137. Hacker Tools 2019
  138. Hacker Tools Linux
  139. Hacker Search Tools
  140. Game Hacking
  141. Pentest Tools For Mac
  142. What Is Hacking Tools
  143. Pentest Tools Bluekeep
  144. Hacking Tools For Pc
  145. New Hack Tools
  146. Hacker Tool Kit
  147. Hacker Tools Free
  148. Hack Tools For Ubuntu
  149. Hackrf Tools
  150. Hack Tools
  151. Hacking Tools For Windows
  152. Hacking Tools For Mac
  153. Blackhat Hacker Tools
  154. Hacking Tools
  155. Black Hat Hacker Tools
  156. Hacking Tools For Beginners
  157. Hacking App
  158. What Are Hacking Tools
  159. Pentest Tools Framework
  160. Hacking Tools Hardware
at

No comments:

Post a Comment

Subscribe to: Post Comments (Atom)