Saturday, August 22, 2020

The Pillager 0.7 Release

I spent the last couple days recoding the Pillager, getting rid of bugs, optimizing code, making it more extendable and more solid overall. So this post is to release the new code.  However, with that being said, the Pillager is in mass revision right now and I added some more developers to the team to add a whole host of new database attacking features as well as moving past databases and into other areas of post exploitation pillaging. Soon to be released..  As usual this tool and any tool i create is based on my issues when performing penetration tests and solves those problems.. If you have any insight or comments i will certainly take them into consideration for future releases.

For now check out Version 0.7.. Named searches and Data searches via external config files are now functioning properly as well as other bugs fixed along the way... Drop this in a BT5 VM and make sure you have your DB python stuff installed per the help docs and you should be good to go.  If you are looking to use oracle you are going to have to install all the oracle nonsense from oracle or use a BT4r2 vm which has most of the needed drivers minus cxoracle which will need to be installed.

http://consolecowboys.org/pillager/pillage_0.7.zip



Ficti0n$ python pillager.py
 
[---] The Database Pillager (DBPillage) [---]
[---] CcLabs Release [---]
[---] Authors: Ficti0n, [---]
[---] Contributors: Steponequit [---]
[---] Version: 0.7 [---]
[---] Find Me On Twitter: ficti0n [---]
[---] Homepage: http://console-cowboys.blogspot.com [---]

Release Notes:
 --Fixed bugs and optimized code
 --Added Docstrings
 --Fixed Named and Data searches from config files                 

About:
The Database Pillager is a multiplatform database tool for searching and browsing common
database platforms encountered while penetration testing. DBPillage can be used to search
for PCI/HIPAA data automatically or use DBPillage to browse databases,display data.
and search for specified tables/data instances.
DBpillage was designed as a post exploitation pillaging tool with a goal of targeted
extraction of data without the use of database platform specific GUI based tools that
are difficult to use and make my job harder.

Supported Platforms:
        --------------------
-Oracle
-MSSQL
-MYSQL
        -PostGreSQL
     

        Usage Examples:
        ************************************************************************
        
        For Mysql Postgres and MsSQL pillaging:
        ---------------------------------------
        python dbPillage -a [address] -d [dbType] -u [username] -p [password]
        
        
        For Oracle pillaging you need a SID connection string:
        ------------------------------------------------------
        python dbPillage-a [address]/[sid] -d [dbType] -u [username] -p [password]
        

        Grab some hashes and Hipaa specific:(Default is PCI)
        ------------------------------------
        python dbPillage -a [address] -d [dbType] -u [username] -p [password] --hashes -s hipaa


Drop into a SQL CMDShell:
-------------------------
        python dbpillage.py -a [address] -d [dbType] -u [username] -p [password] -q

Config file specified searches:
-------------------------------
Search for data Items from inputFiles/data.txt:
        python dbpillage.py -a [address] -d [dbType] -u [username] -p [password] -D

Search for specific table names from inputFiles/tables.txt:
python dbpillage.py -a [address] -d [dbType] -u [username] -p [password] -N

     
     
        Switch Options:
        ---------------------
        -# --hashes = grab database password hashes
        -l --limit  = limit the amount of rows that are searched or when displaying data (options = any number)
        -s --searchType = Type of data search you want to perform (options:pci, hipaa, all)(PCI default)
        -u --user = Database servers username
        -p --pass = Password for the database server
        -a --address = Ipaddress of the database server
        -d --database = The database type you are pillageing (options: mssql,mysql,oracle,postgres)
        -r --report = report format (HTML, XML, screen(default))
        -N --nameSearch = Search via inputFiles/tables.txt
        -D --dataSearch = Targeted data searches per inputFiles/data.txt
-q --queryShell = Drop into a SQL CMDshell in mysql or mssql
     
     
        Prerequisites:
        -------------
        python v2  (Tested on Python 2.5.2 BT4 R2 and BT5 R3 - Oracle stuff on BT4r2 only unless you install the drivers from oracle)
        cx_oracle (cx-oracle.sourceforge.net)
        psycopg2  (initd.org/psycopg/download/)
        MySQLdb   (should be on BT by default)
        pymssql   (should be on BT by default)
     

Related news


  1. Hacker Tools Github
  2. Pentest Tools For Ubuntu
  3. Hacker Tools List
  4. Hacker Security Tools
  5. Hacking Tools Github
  6. Hacking App
  7. Kik Hack Tools
  8. Hacker Techniques Tools And Incident Handling
  9. Pentest Tools Port Scanner
  10. Hacking Tools For Windows
  11. Hacking Tools Software
  12. Pentest Reporting Tools
  13. Nsa Hacker Tools
  14. Hacker Tools Free Download
  15. Hack Tools For Ubuntu
  16. Ethical Hacker Tools
  17. Hacker Tools Free
  18. Hacking Tools And Software
  19. How To Install Pentest Tools In Ubuntu
  20. Game Hacking
  21. Pentest Tools Download
  22. Hacker Tools Apk
  23. Hacking Tools For Windows
  24. Hack Tools For Mac
  25. Hacker Tools For Pc
  26. Hack Website Online Tool
  27. Hacker Tools 2019
  28. Physical Pentest Tools
  29. Hacking Tools
  30. Pentest Tools Tcp Port Scanner
  31. Hack Tools For Ubuntu
  32. Bluetooth Hacking Tools Kali
  33. Hack Tools For Ubuntu
  34. Pentest Tools Open Source
  35. Pentest Tools Review
  36. Growth Hacker Tools
  37. Hacking Tools For Mac
  38. Wifi Hacker Tools For Windows
  39. Pentest Tools Bluekeep
  40. Pentest Tools
  41. Hack Website Online Tool
  42. Hacking Tools For Windows 7
  43. Pentest Recon Tools
  44. Hacker Tools Online
  45. Hack Tools For Mac
  46. Hacking Tools Pc
  47. Nsa Hack Tools Download
  48. Hack Apps
  49. Termux Hacking Tools 2019
  50. Hack Tools Mac
  51. Easy Hack Tools
  52. How To Hack
  53. Hacking Tools Free Download
  54. Hacker Tools Linux
  55. Hack Tools
  56. Pentest Automation Tools
  57. Hack App
  58. Hacking Tools 2020
  59. Pentest Tools Linux
  60. Hacking Tools 2020
  61. Hacking Tools For Mac
  62. Hack Tools Online
  63. Hacking Tools Kit
  64. Hacking Tools Name
  65. Easy Hack Tools
  66. Pentest Tools Github
  67. Hacking Tools Download
  68. Hacker Tools Software
  69. Pentest Tools Find Subdomains
  70. Hacker Tools Github
  71. Hack Rom Tools
  72. Pentest Tools For Mac
  73. Pentest Recon Tools
  74. Pentest Tools Subdomain
  75. Best Hacking Tools 2020
  76. Pentest Tools Linux
  77. Hacking Tools Online
  78. Hacker Tools Mac
  79. Hacking Tools For Pc
  80. Hacking App
  81. Hacking Tools For Kali Linux
  82. Termux Hacking Tools 2019
  83. Physical Pentest Tools
  84. Hacking Tools
  85. Pentest Recon Tools
  86. Hacking Tools For Windows Free Download
  87. What Is Hacking Tools
  88. Install Pentest Tools Ubuntu
  89. Hacking Tools Online
  90. Hacker Techniques Tools And Incident Handling
  91. Pentest Tools Download
  92. Hak5 Tools
  93. Pentest Tools Windows
  94. Hacking Tools
  95. Hacker Search Tools
  96. Hacking Tools Online
  97. Game Hacking
  98. Pentest Tools Find Subdomains
  99. Hacking Tools For Windows 7
  100. Pentest Tools Github
  101. Nsa Hack Tools
  102. Hacker Tools Mac
  103. Hack Tool Apk No Root
  104. Best Pentesting Tools 2018
  105. Pentest Tools Nmap
  106. Hackrf Tools
  107. What Is Hacking Tools
  108. Kik Hack Tools
  109. Pentest Tools Subdomain
  110. Pentest Reporting Tools
  111. Pentest Tools Framework
  112. Pentest Tools Website Vulnerability
  113. Pentest Tools Subdomain
  114. Game Hacking
  115. Beginner Hacker Tools
  116. Pentest Tools Url Fuzzer
  117. Pentest Tools Find Subdomains
  118. World No 1 Hacker Software
  119. Hacker Security Tools
  120. Hacker Tools For Pc
  121. Pentest Tools Windows
  122. Hacking Tools For Mac
  123. Hack Tools For Mac
  124. Pentest Tools Port Scanner
  125. Pentest Tools List
  126. Hacking Tools Usb
  127. Hack Tool Apk No Root
  128. Hacker Tools 2020
  129. Hacking Apps
  130. Hacker Hardware Tools
  131. Hacking Tools Windows 10
  132. Hack Tools For Mac
  133. Hacking Tools For Pc
  134. Hacking Tools For Pc
  135. Hacker Tools Apk Download
  136. Hacking Tools Windows 10
  137. Github Hacking Tools
  138. Physical Pentest Tools
  139. Hacking Tools Online
  140. Hack And Tools
  141. Hack Tools
  142. Hacking Tools Windows 10
  143. New Hack Tools
  144. Hacking Tools
  145. Pentest Tools Windows
  146. Hacker Tools For Pc
  147. What Are Hacking Tools
  148. Pentest Tools Port Scanner
  149. Pentest Tools Open Source
Posted by at

No comments:

Post a Comment

Subscribe to: Post Comments (Atom)