Friday, August 28, 2020

The Pillager 0.7 Release

I spent the last couple of days recoding the Pillager, getting rid of bugs, optimizing code, and making it more extendable and more solid overall. So this post is to release the new code. With that being said, the Pillager is in mass revision right now, and I added some more developers to the team to add a whole host of new database attacking features, as well as moving past databases and into other areas of post-exploitation pillaging. Soon to be released. As usual, this tool and any tool I create is based on my issues when performing penetration tests and solves those problems. If you have any insight or comments, I will certainly take them into consideration for future releases.

For now, check out version 0.7. Named searches and data searches via external config files are now functioning properly, and other bugs were fixed along the way. Drop this in a BT5 VM, make sure you have your DB Python stuff installed per the help docs, and you should be good to go. If you are looking to use Oracle, you are going to have to install all the Oracle nonsense from Oracle or use a BT4r2 VM, which has most of the needed drivers minus cx_oracle, which will need to be installed.

http://consolecowboys.org/pillager/pillage_0.7.zip



Ficti0n$ python pillager.py
 
[---] The Database Pillager (DBPillage) [---]
[---] CcLabs Release [---]
[---] Authors: Ficti0n, [---]
[---] Contributors: Steponequit [---]
[---] Version: 0.7 [---]
[---] Find Me On Twitter: ficti0n [---]
[---] Homepage: http://console-cowboys.blogspot.com [---]

Release Notes:
 --Fixed bugs and optimized code
 --Added Docstrings
 --Fixed Named and Data searches from config files                 

About:
The Database Pillager is a multiplatform database tool for searching and browsing common
database platforms encountered while penetration testing. DBPillage can be used to search
for PCI/HIPAA data automatically or use DBPillage to browse databases,display data.
and search for specified tables/data instances.
DBpillage was designed as a post exploitation pillaging tool with a goal of targeted
extraction of data without the use of database platform specific GUI based tools that
are difficult to use and make my job harder.

Supported Platforms:
--------------------
-Oracle
-MSSQL
-MYSQL
-PostGreSQL
     

Usage Examples:
************************************************************************

For Mysql Postgres and MsSQL pillaging:
---------------------------------------
python dbPillage -a [address] -d [dbType] -u [username] -p [password]

For Oracle pillaging you need a SID connection string:
------------------------------------------------------
python dbPillage-a [address]/[sid] -d [dbType] -u [username] -p [password]

Grab some hashes and Hipaa specific:(Default is PCI)
------------------------------------
python dbPillage -a [address] -d [dbType] -u [username] -p [password] --hashes -s hipaa

Drop into a SQL CMDShell:
-------------------------
python dbpillage.py -a [address] -d [dbType] -u [username] -p [password] -q

Config file specified searches:
-------------------------------
Search for data Items from inputFiles/data.txt:
python dbpillage.py -a [address] -d [dbType] -u [username] -p [password] -D

Search for specific table names from inputFiles/tables.txt:
python dbpillage.py -a [address] -d [dbType] -u [username] -p [password] -N

Switch Options:
---------------------
-# --hashes = grab database password hashes
-l --limit  = limit the amount of rows that are searched or when displaying data (options = any number)
-s --searchType = Type of data search you want to perform (options:pci, hipaa, all)(PCI default)
-u --user = Database servers username
-p --pass = Password for the database server
-a --address = Ipaddress of the database server
-d --database = The database type you are pillageing (options: mssql,mysql,oracle,postgres)
-r --report = report format (HTML, XML, screen(default))
-N --nameSearch = Search via inputFiles/tables.txt
-D --dataSearch = Targeted data searches per inputFiles/data.txt
-q --queryShell = Drop into a SQL CMDshell in mysql or mssql

Prerequisites:
-------------
python v2  (Tested on Python 2.5.2 BT4 R2 and BT5 R3 - Oracle stuff on BT4r2 only unless you install the drivers from oracle)
cx_oracle (cx-oracle.sourceforge.net)
psycopg2  (initd.org/psycopg/download/)
MySQLdb   (should be on BT by default)
pymssql   (should be on BT by default)
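
The automatic PCI search and the row limit described in the help text above, seen from the data owner's side: an added example (not the Pillager's code, and written for Python 3) that scans a database you run for card numbers stored in clear text, keeping only candidates that pass the Luhn check. The in-memory SQLite database, the table names, the regex and the names find_pans, luhn_ok and build_sample_db are assumptions made for this sketch.

```python
import re
import sqlite3

# Candidate PANs: 13-19 digits, optionally separated by single spaces or dashes.
PAN_RE = re.compile(r"\b\d(?:[ -]?\d){12,18}\b")

def luhn_ok(digits):
    """Luhn checksum: double every second digit from the right, sum, mod 10."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch) * (2 if i % 2 else 1)
        total += d - 9 if d > 9 else d
    return total % 10 == 0

def find_pans(conn, limit=1000):
    """Scan up to `limit` rows per table; return sorted (table, column, hits)."""
    findings = {}
    tables = [r[0] for r in conn.execute(
        "SELECT name FROM sqlite_master WHERE type='table'")]
    for table in tables:
        quoted = '"%s"' % table.replace('"', '""')
        cur = conn.execute("SELECT * FROM %s LIMIT ?" % quoted, (limit,))
        cols = [d[0] for d in cur.description]
        for row in cur:
            for col, value in zip(cols, row):
                if not isinstance(value, str):
                    continue  # this sketch inspects text values only
                for m in PAN_RE.finditer(value):
                    if luhn_ok(re.sub(r"\D", "", m.group())):
                        findings[(table, col)] = findings.get((table, col), 0) + 1
    return sorted((t, c, n) for (t, c), n in findings.items())

def build_sample_db():
    """Constructed sample data: public test card numbers, no real records."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE orders (id INTEGER, note TEXT, card TEXT)")
    conn.execute("CREATE TABLE audit (id INTEGER, msg TEXT)")
    conn.executemany("INSERT INTO orders VALUES (?, ?, ?)", [
        (1, "paid", "4111 1111 1111 1111"),                  # Luhn-valid
        (2, "ref 1234567890123456", "5500-0000-0000-0004"),  # note fails Luhn
        (3, "pending", None)])
    conn.executemany("INSERT INTO audit VALUES (?, ?)", [
        (1, "tracking 1234567812345678"),                    # fails Luhn
        (2, "customer read out card 4012888888881881")])     # Luhn-valid
    return conn

if __name__ == "__main__":
    for table, col, hits in find_pans(build_sample_db()):
        print("%s.%s: %d Luhn-valid candidate(s)" % (table, col, hits))
```

Any column this reports is cardholder data sitting unencrypted where a post-exploitation search would find it; free-text fields such as the audit message are the ones most often missed. Against MySQL, MSSQL, PostgreSQL or Oracle the table listing would come from that engine's catalog instead of sqlite_master.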
     
