Friday, August 28, 2020

The Pillager 0.7 Release

I spent the last couple days recoding the Pillager, getting rid of bugs, optimizing code, making it more extendable and more solid overall. So this post is to release the new code.  However, with that being said, the Pillager is in mass revision right now and I added some more developers to the team to add a whole host of new database attacking features as well as moving past databases and into other areas of post exploitation pillaging. Soon to be released..  As usual this tool and any tool i create is based on my issues when performing penetration tests and solves those problems.. If you have any insight or comments i will certainly take them into consideration for future releases.

For now check out Version 0.7.. Named searches and Data searches via external config files are now functioning properly as well as other bugs fixed along the way... Drop this in a BT5 VM and make sure you have your DB python stuff installed per the help docs and you should be good to go.  If you are looking to use oracle you are going to have to install all the oracle nonsense from oracle or use a BT4r2 vm which has most of the needed drivers minus cxoracle which will need to be installed.

http://consolecowboys.org/pillager/pillage_0.7.zip



Ficti0n$ python pillager.py
 
[---] The Database Pillager (DBPillage) [---]
[---] CcLabs Release [---]
[---] Authors: Ficti0n, [---]
[---] Contributors: Steponequit [---]
[---] Version: 0.7 [---]
[---] Find Me On Twitter: ficti0n [---]
[---] Homepage: http://console-cowboys.blogspot.com [---]

Release Notes:
 --Fixed bugs and optimized code
 --Added Docstrings
 --Fixed Named and Data searches from config files                 

About:
The Database Pillager is a multiplatform database tool for searching and browsing common
database platforms encountered while penetration testing. DBPillage can be used to search
for PCI/HIPAA data automatically or use DBPillage to browse databases,display data.
and search for specified tables/data instances.
DBpillage was designed as a post exploitation pillaging tool with a goal of targeted
extraction of data without the use of database platform specific GUI based tools that
are difficult to use and make my job harder.

Supported Platforms:
        --------------------
-Oracle
-MSSQL
-MYSQL
        -PostGreSQL
     

        Usage Examples:
        ************************************************************************
        
        For Mysql Postgres and MsSQL pillaging:
        ---------------------------------------
        python dbPillage -a [address] -d [dbType] -u [username] -p [password]
        
        
        For Oracle pillaging you need a SID connection string:
        ------------------------------------------------------
        python dbPillage-a [address]/[sid] -d [dbType] -u [username] -p [password]
        

        Grab some hashes and Hipaa specific:(Default is PCI)
        ------------------------------------
        python dbPillage -a [address] -d [dbType] -u [username] -p [password] --hashes -s hipaa


Drop into a SQL CMDShell:
-------------------------
        python dbpillage.py -a [address] -d [dbType] -u [username] -p [password] -q

Config file specified searches:
-------------------------------
Search for data Items from inputFiles/data.txt:
        python dbpillage.py -a [address] -d [dbType] -u [username] -p [password] -D

Search for specific table names from inputFiles/tables.txt:
python dbpillage.py -a [address] -d [dbType] -u [username] -p [password] -N

     
     
        Switch Options:
        ---------------------
        -# --hashes = grab database password hashes
        -l --limit  = limit the amount of rows that are searched or when displaying data (options = any number)
        -s --searchType = Type of data search you want to perform (options:pci, hipaa, all)(PCI default)
        -u --user = Database servers username
        -p --pass = Password for the database server
        -a --address = Ipaddress of the database server
        -d --database = The database type you are pillageing (options: mssql,mysql,oracle,postgres)
        -r --report = report format (HTML, XML, screen(default))
        -N --nameSearch = Search via inputFiles/tables.txt
        -D --dataSearch = Targeted data searches per inputFiles/data.txt
-q --queryShell = Drop into a SQL CMDshell in mysql or mssql
     
     
        Prerequisites:
        -------------
        python v2  (Tested on Python 2.5.2 BT4 R2 and BT5 R3 - Oracle stuff on BT4r2 only unless you install the drivers from oracle)
        cx_oracle (cx-oracle.sourceforge.net)
        psycopg2  (initd.org/psycopg/download/)
        MySQLdb   (should be on BT by default)
        pymssql   (should be on BT by default)
     

Related links


  1. Pentest Tools Url Fuzzer
  2. Android Hack Tools Github
  3. Hacker Tools Free
  4. Hacking Tools Name
  5. Pentest Tools Github
  6. Pentest Tools
  7. Hacker Tools
  8. Hacker Hardware Tools
  9. Tools 4 Hack
  10. Github Hacking Tools
  11. Hack Tools For Games
  12. Kik Hack Tools
  13. Tools Used For Hacking
  14. Hacking Tools Mac
  15. Hack Tools 2019
  16. Best Hacking Tools 2020
  17. Hacking Tools Name
  18. Pentest Tools Framework
  19. Hacker
  20. Pentest Tools For Ubuntu
  21. Computer Hacker
  22. Pentest Tools Framework
  23. Pentest Tools Find Subdomains
  24. Pentest Tools Online
  25. Hacker Tools 2020
  26. Hacking Tools For Windows
  27. Pentest Tools Website Vulnerability
  28. Hacker Tools Windows
  29. Pentest Tools Android
  30. Hack Tools Online
  31. Pentest Tools Url Fuzzer
  32. Hacking Tools Windows
  33. Hack Tools Mac
  34. Pentest Tools Find Subdomains
  35. Hack Tools Mac
  36. Hacking Apps
  37. Hacking Tools 2020
  38. Hacking Tools Windows 10
  39. Hacker Tools For Mac
  40. Hacker Tools For Windows
  41. Hacker Tools Apk
  42. Hacker Tools For Windows
  43. Pentest Tools Linux
  44. World No 1 Hacker Software
  45. Pentest Tools Kali Linux
  46. Hacking Apps
  47. Nsa Hack Tools Download
  48. Hack Tools Download
  49. Pentest Tools For Windows
  50. Hacker Tools List
  51. Hacker
  52. Pentest Tools Find Subdomains
  53. Hacking Tools Windows 10
  54. Hacker Tools
  55. Hack Tool Apk No Root
  56. Game Hacking
  57. Hacker Tools Software
  58. Blackhat Hacker Tools
  59. Hacker Tools Hardware
  60. Hack And Tools
  61. Hacker Techniques Tools And Incident Handling
  62. Hacker Tools Free Download
  63. Hacker Security Tools
  64. How To Make Hacking Tools
  65. Hacking Tools Online
  66. Computer Hacker
  67. Usb Pentest Tools
  68. Hacker
  69. Tools For Hacker
  70. Tools For Hacker
  71. Game Hacking
  72. Pentest Tools Alternative
  73. Hackers Toolbox
  74. Hack Rom Tools
  75. Kik Hack Tools
  76. Hacker Tools For Ios
  77. Hack Website Online Tool
  78. Game Hacking
  79. Hacker Tools Linux
  80. Pentest Tools Framework
  81. Hacks And Tools
  82. Hack Tools Download
  83. Hacker Tools Software
  84. Wifi Hacker Tools For Windows
  85. Pentest Tools Windows
  86. Hack Tools Github
  87. Wifi Hacker Tools For Windows
  88. Pentest Tools Bluekeep
  89. Hack Tools 2019
  90. Hacking Tools For Mac
  91. Hacking Tools Download
  92. Hacker Tools Apk
  93. Hack Tools 2019
  94. Github Hacking Tools
  95. Pentest Tools Download
  96. Hacker Tools Mac
  97. Hackrf Tools
  98. Hackers Toolbox
  99. Hacks And Tools
  100. Tools 4 Hack
  101. Pentest Automation Tools
  102. Hackrf Tools
Posted by at

No comments:

Post a Comment

Subscribe to: Post Comments (Atom)