Sunday, 23 August 2020

The Pillager 0.7 Release

I spent the last couple days recoding the Pillager, getting rid of bugs, optimizing code, making it more extendable and more solid overall. So this post is to release the new code.  However, with that being said, the Pillager is in mass revision right now and I added some more developers to the team to add a whole host of new database attacking features as well as moving past databases and into other areas of post exploitation pillaging. Soon to be released..  As usual this tool and any tool i create is based on my issues when performing penetration tests and solves those problems.. If you have any insight or comments i will certainly take them into consideration for future releases.

For now check out Version 0.7.. Named searches and Data searches via external config files are now functioning properly as well as other bugs fixed along the way... Drop this in a BT5 VM and make sure you have your DB python stuff installed per the help docs and you should be good to go.  If you are looking to use oracle you are going to have to install all the oracle nonsense from oracle or use a BT4r2 vm which has most of the needed drivers minus cxoracle which will need to be installed.

http://consolecowboys.org/pillager/pillage_0.7.zip



Ficti0n$ python pillager.py
 
[---] The Database Pillager (DBPillage) [---]
[---] CcLabs Release [---]
[---] Authors: Ficti0n, [---]
[---] Contributors: Steponequit [---]
[---] Version: 0.7 [---]
[---] Find Me On Twitter: ficti0n [---]
[---] Homepage: http://console-cowboys.blogspot.com [---]

Release Notes:
 --Fixed bugs and optimized code
 --Added Docstrings
 --Fixed Named and Data searches from config files                 

About:
The Database Pillager is a multiplatform database tool for searching and browsing common
database platforms encountered while penetration testing. DBPillage can be used to search
for PCI/HIPAA data automatically or use DBPillage to browse databases,display data.
and search for specified tables/data instances.
DBpillage was designed as a post exploitation pillaging tool with a goal of targeted
extraction of data without the use of database platform specific GUI based tools that
are difficult to use and make my job harder.

Supported Platforms:
        --------------------
-Oracle
-MSSQL
-MYSQL
        -PostGreSQL
     

        Usage Examples:
        ************************************************************************
        
        For Mysql Postgres and MsSQL pillaging:
        ---------------------------------------
        python dbPillage -a [address] -d [dbType] -u [username] -p [password]
        
        
        For Oracle pillaging you need a SID connection string:
        ------------------------------------------------------
        python dbPillage-a [address]/[sid] -d [dbType] -u [username] -p [password]
        

        Grab some hashes and Hipaa specific:(Default is PCI)
        ------------------------------------
        python dbPillage -a [address] -d [dbType] -u [username] -p [password] --hashes -s hipaa


Drop into a SQL CMDShell:
-------------------------
        python dbpillage.py -a [address] -d [dbType] -u [username] -p [password] -q

Config file specified searches:
-------------------------------
Search for data Items from inputFiles/data.txt:
        python dbpillage.py -a [address] -d [dbType] -u [username] -p [password] -D

Search for specific table names from inputFiles/tables.txt:
python dbpillage.py -a [address] -d [dbType] -u [username] -p [password] -N

     
     
        Switch Options:
        ---------------------
        -# --hashes = grab database password hashes
        -l --limit  = limit the amount of rows that are searched or when displaying data (options = any number)
        -s --searchType = Type of data search you want to perform (options:pci, hipaa, all)(PCI default)
        -u --user = Database servers username
        -p --pass = Password for the database server
        -a --address = Ipaddress of the database server
        -d --database = The database type you are pillageing (options: mssql,mysql,oracle,postgres)
        -r --report = report format (HTML, XML, screen(default))
        -N --nameSearch = Search via inputFiles/tables.txt
        -D --dataSearch = Targeted data searches per inputFiles/data.txt
-q --queryShell = Drop into a SQL CMDshell in mysql or mssql
     
     
        Prerequisites:
        -------------
        python v2  (Tested on Python 2.5.2 BT4 R2 and BT5 R3 - Oracle stuff on BT4r2 only unless you install the drivers from oracle)
        cx_oracle (cx-oracle.sourceforge.net)
        psycopg2  (initd.org/psycopg/download/)
        MySQLdb   (should be on BT by default)
        pymssql   (should be on BT by default)
     

Related news
  1. Hacking Tools
  2. Pentest Tools
  3. What Is Hacking Tools
  4. Hacking App
  5. Pentest Tools Subdomain
  6. Hacking Tools For Games
  7. Hacking Tools For Games
  8. Hacking Tools Kit
  9. Ethical Hacker Tools
  10. Hacker Tools Apk
  11. Beginner Hacker Tools
  12. Hack And Tools
  13. Pentest Tools Open Source
  14. Ethical Hacker Tools
  15. Hacker Tools Free
  16. Github Hacking Tools
  17. Hackrf Tools
  18. What Is Hacking Tools
  19. Pentest Tools Free
  20. Hack And Tools
  21. Hacker Tools Windows
  22. Hacker Search Tools
  23. Pentest Tools Download
  24. What Is Hacking Tools
  25. Hacker Tools List
  26. Hacking Tools For Games
  27. Hacking Tools Windows
  28. Pentest Tools Subdomain
  29. Hacking Tools And Software
  30. Easy Hack Tools
  31. Free Pentest Tools For Windows
  32. Pentest Box Tools Download
  33. Hacker Tools Github
  34. Hack Tools For Pc
  35. Hacker Tools Apk Download
  36. Hacker Techniques Tools And Incident Handling
  37. Hacker Tool Kit
  38. Beginner Hacker Tools
  39. Hacking Tools For Windows Free Download
  40. Hacker Tools For Windows
  41. Hack Tools Download
  42. Nsa Hack Tools
  43. Hack Tools Download
  44. Hacker Techniques Tools And Incident Handling
  45. Pentest Tools Bluekeep
  46. Pentest Tools Android
  47. Tools Used For Hacking
  48. Hacker Tools Free
  49. Hack Tools For Pc
  50. Install Pentest Tools Ubuntu
  51. Hackrf Tools
  52. Hack Apps
  53. Hacker Tools Linux
  54. Hacker Tools For Pc
  55. Kik Hack Tools
  56. Hacker Techniques Tools And Incident Handling
  57. Computer Hacker
  58. New Hack Tools
  59. Hacking Tools Hardware
  60. Hacking Tools For Windows Free Download
  61. Best Hacking Tools 2019
  62. Hacker Tools Windows
  63. Hackrf Tools
  64. Install Pentest Tools Ubuntu
  65. What Are Hacking Tools
  66. Hack Tools Github
  67. How To Install Pentest Tools In Ubuntu
  68. Pentest Tools Nmap
  69. Pentest Tools Alternative
  70. Hack And Tools
  71. Pentest Tools Tcp Port Scanner
  72. Physical Pentest Tools
  73. Hack Tools For Windows
  74. Hacker Tools List
  75. Hack Tools
  76. Hacker Tools Software
  77. Hacker Tools List
  78. How To Install Pentest Tools In Ubuntu
  79. Hacker Tools Software
  80. Hacking Tools 2020
  81. Hacker Tools For Windows
  82. Kik Hack Tools
  83. Pentest Tools Tcp Port Scanner
  84. Hack Tools
  85. Hacking Tools Free Download
  86. Github Hacking Tools
  87. Pentest Tools
Posted by at

No comments:

Post a Comment

Subscribe to: Post Comments (Atom)