For now check out Version 0.7.. Named searches and Data searches via external config files are now functioning properly as well as other bugs fixed along the way... Drop this in a BT5 VM and make sure you have your DB python stuff installed per the help docs and you should be good to go. If you are looking to use oracle you are going to have to install all the oracle nonsense from oracle or use a BT4r2 vm which has most of the needed drivers minus cxoracle which will need to be installed.
http://consolecowboys.org/pillager/pillage_0.7.zip
Ficti0n$ python pillager.py
[---] The Database Pillager (DBPillage) [---]
[---] CcLabs Release [---]
[---] Authors: Ficti0n, [---]
[---] Contributors: Steponequit [---]
[---] Version: 0.7 [---]
[---] Find Me On Twitter: ficti0n [---]
[---] Homepage: http://console-cowboys.blogspot.com [---]
Release Notes:
--Fixed bugs and optimized code
--Added Docstrings
--Fixed Named and Data searches from config files
About:
The Database Pillager is a multiplatform database tool for searching and browsing common
database platforms encountered while penetration testing. DBPillage can be used to search
for PCI/HIPAA data automatically or use DBPillage to browse databases,display data.
and search for specified tables/data instances.
DBpillage was designed as a post exploitation pillaging tool with a goal of targeted
extraction of data without the use of database platform specific GUI based tools that
are difficult to use and make my job harder.
Supported Platforms:
--------------------
-Oracle
-MSSQL
-MYSQL
-PostGreSQL
Usage Examples:
************************************************************************
For Mysql Postgres and MsSQL pillaging:
---------------------------------------
python dbPillage -a [address] -d [dbType] -u [username] -p [password]
For Oracle pillaging you need a SID connection string:
------------------------------------------------------
python dbPillage-a [address]/[sid] -d [dbType] -u [username] -p [password]
Grab some hashes and Hipaa specific:(Default is PCI)
------------------------------------
python dbPillage -a [address] -d [dbType] -u [username] -p [password] --hashes -s hipaa
Drop into a SQL CMDShell:
-------------------------
python dbpillage.py -a [address] -d [dbType] -u [username] -p [password] -q
Config file specified searches:
-------------------------------
Search for data Items from inputFiles/data.txt:
python dbpillage.py -a [address] -d [dbType] -u [username] -p [password] -D
Search for specific table names from inputFiles/tables.txt:
python dbpillage.py -a [address] -d [dbType] -u [username] -p [password] -N
Switch Options:
---------------------
-# --hashes = grab database password hashes
-l --limit = limit the amount of rows that are searched or when displaying data (options = any number)
-s --searchType = Type of data search you want to perform (options:pci, hipaa, all)(PCI default)
-u --user = Database servers username
-p --pass = Password for the database server
-a --address = Ipaddress of the database server
-d --database = The database type you are pillageing (options: mssql,mysql,oracle,postgres)
-r --report = report format (HTML, XML, screen(default))
-N --nameSearch = Search via inputFiles/tables.txt
-D --dataSearch = Targeted data searches per inputFiles/data.txt
-q --queryShell = Drop into a SQL CMDshell in mysql or mssql
Prerequisites:
-------------
python v2 (Tested on Python 2.5.2 BT4 R2 and BT5 R3 - Oracle stuff on BT4r2 only unless you install the drivers from oracle)
cx_oracle (cx-oracle.sourceforge.net)
psycopg2 (initd.org/psycopg/download/)
MySQLdb (should be on BT by default)
pymssql (should be on BT by default)
Related links
- Android Hack Tools Github
- Game Hacking
- Hacking Tools Windows
- Pentest Tools For Android
- Hacking Tools Software
- Hack Tools Mac
- Underground Hacker Sites
- Pentest Tools Apk
- Hacker Tools Github
- Hacker Tools Linux
- Pentest Tools For Windows
- Termux Hacking Tools 2019
- Hack Tools
- Pentest Tools Apk
- Hack Tools
- Hack Tools Download
- Bluetooth Hacking Tools Kali
- Free Pentest Tools For Windows
- Best Pentesting Tools 2018
- Hacking Tools Kit
- Pentest Tools Free
- Game Hacking
- Growth Hacker Tools
- New Hack Tools
- Hacker Hardware Tools
- Hack Tools For Pc
- Github Hacking Tools
- Hacking Tools Hardware
- Install Pentest Tools Ubuntu
- Hacker Tool Kit
- Hacker Tools For Mac
- Hacking Tools Name
- Pentest Tools Bluekeep
- Hacking Tools
- Hack Apps
- Hack Tools Mac
- Hacker Tools Free
- Hacker Tools For Pc
- Hacker Tools Windows
- Growth Hacker Tools
- Hacking Tools Free Download
- Hacking Tools 2019
- Pentest Tools Tcp Port Scanner
- Hackers Toolbox
- Hack Tools 2019
- Pentest Tools For Android
- Wifi Hacker Tools For Windows
- Underground Hacker Sites
- Hack Tools For Windows
- Pentest Tools Online
- Hacking Tools For Beginners
- Hack Tools 2019
- Hack Tools
- Nsa Hacker Tools
- Black Hat Hacker Tools
- Hacking Tools Windows
- Hacker Tools Hardware
- Bluetooth Hacking Tools Kali
- Hacker Tools Apk Download
- Hacker Tools For Pc
- Hacker Tools Linux
- Ethical Hacker Tools
- Pentest Automation Tools
- Hack Tools
- Hack Tools For Pc
- Hacking Tools For Kali Linux
- Pentest Recon Tools
- Pentest Tools For Ubuntu
- Hak5 Tools
- Beginner Hacker Tools
- Hacking Tools 2020
- Game Hacking
- Hack Tools Github
- Hacking Tools 2020
- Hacker Tools Online
- Nsa Hack Tools
- Pentest Tools Url Fuzzer
- Best Hacking Tools 2020
- Hacking Tools For Windows
- Hacker Tools 2019
- Hacker Tools Hardware
- Hacker Tools For Mac
- Growth Hacker Tools
- Hacking Tools
- Hacking Tools Free Download
- Usb Pentest Tools
- Hacking Tools Windows
- Hacking Tools Download
- Hacker
- Hacking Tools For Pc
- Hak5 Tools
- Hack Rom Tools
No comments:
Post a Comment