Basic HTML

Sunday, August 23, 2020

The Pillager 0.7 Release

I spent the last couple days recoding the Pillager, getting rid of bugs, optimizing code, making it more extendable and more solid overall. So this post is to release the new code.  However, with that being said, the Pillager is in mass revision right now and I added some more developers to the team to add a whole host of new database attacking features as well as moving past databases and into other areas of post exploitation pillaging. Soon to be released..  As usual this tool and any tool i create is based on my issues when performing penetration tests and solves those problems.. If you have any insight or comments i will certainly take them into consideration for future releases.

For now check out Version 0.7.. Named searches and Data searches via external config files are now functioning properly as well as other bugs fixed along the way... Drop this in a BT5 VM and make sure you have your DB python stuff installed per the help docs and you should be good to go.  If you are looking to use oracle you are going to have to install all the oracle nonsense from oracle or use a BT4r2 vm which has most of the needed drivers minus cxoracle which will need to be installed.

http://consolecowboys.org/pillager/pillage_0.7.zip



Ficti0n$ python pillager.py
 
[---] The Database Pillager (DBPillage) [---]
[---] CcLabs Release [---]
[---] Authors: Ficti0n, [---]
[---] Contributors: Steponequit [---]
[---] Version: 0.7 [---]
[---] Find Me On Twitter: ficti0n [---]
[---] Homepage: http://console-cowboys.blogspot.com [---]

Release Notes:
 --Fixed bugs and optimized code
 --Added Docstrings
 --Fixed Named and Data searches from config files                 

About:
The Database Pillager is a multiplatform database tool for searching and browsing common
database platforms encountered while penetration testing. DBPillage can be used to search
for PCI/HIPAA data automatically or use DBPillage to browse databases,display data.
and search for specified tables/data instances.
DBpillage was designed as a post exploitation pillaging tool with a goal of targeted
extraction of data without the use of database platform specific GUI based tools that
are difficult to use and make my job harder.

Supported Platforms:
        --------------------
-Oracle
-MSSQL
-MYSQL
        -PostGreSQL
     

        Usage Examples:
        ************************************************************************
        
        For Mysql Postgres and MsSQL pillaging:
        ---------------------------------------
        python dbPillage -a [address] -d [dbType] -u [username] -p [password]
        
        
        For Oracle pillaging you need a SID connection string:
        ------------------------------------------------------
        python dbPillage-a [address]/[sid] -d [dbType] -u [username] -p [password]
        

        Grab some hashes and Hipaa specific:(Default is PCI)
        ------------------------------------
        python dbPillage -a [address] -d [dbType] -u [username] -p [password] --hashes -s hipaa


Drop into a SQL CMDShell:
-------------------------
        python dbpillage.py -a [address] -d [dbType] -u [username] -p [password] -q

Config file specified searches:
-------------------------------
Search for data Items from inputFiles/data.txt:
        python dbpillage.py -a [address] -d [dbType] -u [username] -p [password] -D

Search for specific table names from inputFiles/tables.txt:
python dbpillage.py -a [address] -d [dbType] -u [username] -p [password] -N

     
     
        Switch Options:
        ---------------------
        -# --hashes = grab database password hashes
        -l --limit  = limit the amount of rows that are searched or when displaying data (options = any number)
        -s --searchType = Type of data search you want to perform (options:pci, hipaa, all)(PCI default)
        -u --user = Database servers username
        -p --pass = Password for the database server
        -a --address = Ipaddress of the database server
        -d --database = The database type you are pillageing (options: mssql,mysql,oracle,postgres)
        -r --report = report format (HTML, XML, screen(default))
        -N --nameSearch = Search via inputFiles/tables.txt
        -D --dataSearch = Targeted data searches per inputFiles/data.txt
-q --queryShell = Drop into a SQL CMDshell in mysql or mssql
     
     
        Prerequisites:
        -------------
        python v2  (Tested on Python 2.5.2 BT4 R2 and BT5 R3 - Oracle stuff on BT4r2 only unless you install the drivers from oracle)
        cx_oracle (cx-oracle.sourceforge.net)
        psycopg2  (initd.org/psycopg/download/)
        MySQLdb   (should be on BT by default)
        pymssql   (should be on BT by default)
     

Related links

  1. Android Hack Tools Github
  2. Game Hacking
  3. Hacking Tools Windows
  4. Pentest Tools For Android
  5. Hacking Tools Software
  6. Hack Tools Mac
  7. Underground Hacker Sites
  8. Pentest Tools Apk
  9. Hacker Tools Github
  10. Hacker Tools Linux
  11. Pentest Tools For Windows
  12. Termux Hacking Tools 2019
  13. Hack Tools
  14. Pentest Tools Apk
  15. Hack Tools
  16. Hack Tools Download
  17. Bluetooth Hacking Tools Kali
  18. Free Pentest Tools For Windows
  19. Best Pentesting Tools 2018
  20. Hacking Tools Kit
  21. Pentest Tools Free
  22. Game Hacking
  23. Growth Hacker Tools
  24. New Hack Tools
  25. Hacker Hardware Tools
  26. Hack Tools For Pc
  27. Github Hacking Tools
  28. Hacking Tools Hardware
  29. Install Pentest Tools Ubuntu
  30. Hacker Tool Kit
  31. Hacker Tools For Mac
  32. Hacking Tools Name
  33. Pentest Tools Bluekeep
  34. Hacking Tools
  35. Hack Apps
  36. Hack Tools Mac
  37. Hacker Tools Free
  38. Hacker Tools For Pc
  39. Hacker Tools Windows
  40. Growth Hacker Tools
  41. Hacking Tools Free Download
  42. Hacking Tools 2019
  43. Pentest Tools Tcp Port Scanner
  44. Hackers Toolbox
  45. Hack Tools 2019
  46. Pentest Tools For Android
  47. Wifi Hacker Tools For Windows
  48. Underground Hacker Sites
  49. Hack Tools For Windows
  50. Pentest Tools Online
  51. Hacking Tools For Beginners
  52. Hack Tools 2019
  53. Hack Tools
  54. Nsa Hacker Tools
  55. Black Hat Hacker Tools
  56. Hacking Tools Windows
  57. Hacker Tools Hardware
  58. Bluetooth Hacking Tools Kali
  59. Hacker Tools Apk Download
  60. Hacker Tools For Pc
  61. Hacker Tools Linux
  62. Ethical Hacker Tools
  63. Pentest Automation Tools
  64. Hack Tools
  65. Hack Tools For Pc
  66. Hacking Tools For Kali Linux
  67. Pentest Recon Tools
  68. Pentest Tools For Ubuntu
  69. Hak5 Tools
  70. Beginner Hacker Tools
  71. Hacking Tools 2020
  72. Game Hacking
  73. Hack Tools Github
  74. Hacking Tools 2020
  75. Hacker Tools Online
  76. Nsa Hack Tools
  77. Pentest Tools Url Fuzzer
  78. Best Hacking Tools 2020
  79. Hacking Tools For Windows
  80. Hacker Tools 2019
  81. Hacker Tools Hardware
  82. Hacker Tools For Mac
  83. Growth Hacker Tools
  84. Hacking Tools
  85. Hacking Tools Free Download
  86. Usb Pentest Tools
  87. Hacking Tools Windows
  88. Hacking Tools Download
  89. Hacker
  90. Hacking Tools For Pc
  91. Hak5 Tools
  92. Hack Rom Tools
Posted by at

No comments:

Post a Comment

Subscribe to: Post Comments (Atom)