The Pillager 0.7 Release
I spent the last couple days recoding the Pillager, getting rid of bugs, optimizing code, making it more extendable and more solid overall. So this post is to release the new code. However, with that being said, the Pillager is in mass revision right now and I added some more developers to the team to add a whole host of new database attacking features as well as moving past databases and into other areas of post exploitation pillaging. Soon to be released.. As usual this tool and any tool i create is based on my issues when performing penetration tests and solves those problems.. If you have any insight or comments i will certainly take them into consideration for future releases.
For now check out Version 0.7.. Named searches and Data searches via external config files are now functioning properly as well as other bugs fixed along the way... Drop this in a BT5 VM and make sure you have your DB python stuff installed per the help docs and you should be good to go. If you are looking to use oracle you are going to have to install all the oracle nonsense from oracle or use a BT4r2 vm which has most of the needed drivers minus cxoracle which will need to be installed.
http://consolecowboys.org/pillager/pillage_0.7.zip
Ficti0n$ python pillager.py
[---] The Database Pillager (DBPillage) [---]
[---] CcLabs Release [---]
[---] Authors: Ficti0n, [---]
[---] Contributors: Steponequit [---]
[---] Version: 0.7 [---]
[---] Find Me On Twitter: ficti0n [---]
[---] Homepage: http://console-cowboys.blogspot.com [---]
Release Notes:
--Fixed bugs and optimized code
--Added Docstrings
--Fixed Named and Data searches from config files
About:
The Database Pillager is a multiplatform database tool for searching and browsing common
database platforms encountered while penetration testing. DBPillage can be used to search
for PCI/HIPAA data automatically or use DBPillage to browse databases,display data.
and search for specified tables/data instances.
DBpillage was designed as a post exploitation pillaging tool with a goal of targeted
extraction of data without the use of database platform specific GUI based tools that
are difficult to use and make my job harder.
Supported Platforms:
--------------------
-Oracle
-MSSQL
-MYSQL
-PostGreSQL
Usage Examples:
************************************************************************
For Mysql Postgres and MsSQL pillaging:
---------------------------------------
python dbPillage -a [address] -d [dbType] -u [username] -p [password]
For Oracle pillaging you need a SID connection string:
------------------------------------------------------
python dbPillage-a [address]/[sid] -d [dbType] -u [username] -p [password]
Grab some hashes and Hipaa specific:(Default is PCI)
------------------------------------
python dbPillage -a [address] -d [dbType] -u [username] -p [password] --hashes -s hipaa
Drop into a SQL CMDShell:
-------------------------
python dbpillage.py -a [address] -d [dbType] -u [username] -p [password] -q
Config file specified searches:
-------------------------------
Search for data Items from inputFiles/data.txt:
python dbpillage.py -a [address] -d [dbType] -u [username] -p [password] -D
Search for specific table names from inputFiles/tables.txt:
python dbpillage.py -a [address] -d [dbType] -u [username] -p [password] -N
Switch Options:
---------------------
-# --hashes = grab database password hashes
-l --limit = limit the amount of rows that are searched or when displaying data (options = any number)
-s --searchType = Type of data search you want to perform (options:pci, hipaa, all)(PCI default)
-u --user = Database servers username
-p --pass = Password for the database server
-a --address = Ipaddress of the database server
-d --database = The database type you are pillageing (options: mssql,mysql,oracle,postgres)
-r --report = report format (HTML, XML, screen(default))
-N --nameSearch = Search via inputFiles/tables.txt
-D --dataSearch = Targeted data searches per inputFiles/data.txt
-q --queryShell = Drop into a SQL CMDshell in mysql or mssql
Prerequisites:
-------------
python v2 (Tested on Python 2.5.2 BT4 R2 and BT5 R3 - Oracle stuff on BT4r2 only unless you install the drivers from oracle)
cx_oracle (cx-oracle.sourceforge.net)
psycopg2 (initd.org/psycopg/download/)
MySQLdb (should be on BT by default)
pymssql (should be on BT by default)
Related news
- Hackers Toolbox
- Blackhat Hacker Tools
- Github Hacking Tools
- Hacker Tools List
- Pentest Tools Url Fuzzer
- Underground Hacker Sites
- Github Hacking Tools
- Hacker Tools Free Download
- New Hack Tools
- Hack Tools Download
- Hacking Tools Name
- Hacking Tools Windows 10
- Hacker Tools For Pc
- Best Hacking Tools 2019
- Hack Tools For Pc
- Pentest Tools Website
- Hacking App
- How To Make Hacking Tools
- Tools Used For Hacking
- Hacker Tools Apk Download
- Hack Tools For Ubuntu
- Hacking Tools Windows
- Hacking Tools Kit
- Hacker Tools Linux
- Hacker Tools Apk Download
- Tools Used For Hacking
- Hack Tools For Ubuntu
- Hack Tools
- Pentest Tools Nmap
- Hacker Hardware Tools
- Hacker Tools Mac
- Hack Tools Online
- Pentest Tools Nmap
- Hacker Tools Free
- Hacker Tools Apk Download
- Hacking Tools For Windows 7
- Pentest Tools Online
- Hacking Tools For Mac
- Hacker Tools 2019
- Hacking Tools Mac
- Hacking Tools Usb
- New Hack Tools
- Hacking Tools Windows
- How To Install Pentest Tools In Ubuntu
- Hacker Tools For Windows
- Free Pentest Tools For Windows
- Underground Hacker Sites
- Pentest Tools Subdomain
- Computer Hacker
- Growth Hacker Tools
- Hacker Tools For Pc
- Pentest Recon Tools
- Hacking Tools For Windows 7
- Hackers Toolbox
- What Are Hacking Tools
- Hacking Tools Github
- Hack Tools 2019
- Hacking Tools For Kali Linux
- Hacking Tools For Games
- How To Install Pentest Tools In Ubuntu
- Pentest Tools Open Source
- Hacker Tools For Windows
- Pentest Tools Website
- Hack Tools Download
- Pentest Tools Github
- Hack Tool Apk No Root
- Hacking Tools Kit
- Hacker Tools For Mac
- Hack Tools Pc
- Wifi Hacker Tools For Windows
- Hacker Tools Apk
- Hacker Tools Software
- Hacking Tools Windows
- Pentest Box Tools Download
- Hacker Tools Apk
- Hacker Tools Online
- Hacker Tools For Ios
- Best Pentesting Tools 2018
- Pentest Tools Port Scanner
- Pentest Tools Online
- Termux Hacking Tools 2019
- Hacking Tools For Games
- Pentest Tools Port Scanner
- Hacker Tools For Ios
- Kik Hack Tools
- Pentest Tools
- Pentest Tools Url Fuzzer
- Hack Tools
- Hacking Tools Pc
- Hacks And Tools
- Hacking Tools For Windows
- Best Hacking Tools 2020
- Hack Tools
- Tools Used For Hacking
- New Hacker Tools
- Hacker Security Tools
- Hacker Hardware Tools
- Pentest Tools Subdomain
- Hacking Tools Kit
- Pentest Tools Alternative
- Hack Tools Download
- Install Pentest Tools Ubuntu
- Hack And Tools
- Tools For Hacker
- Github Hacking Tools
- Pentest Tools Alternative
- Hacker
- Hacking Tools Software
- Hacker Tools For Pc
- Nsa Hacker Tools
- How To Make Hacking Tools
- Hack App
- Hacking Tools For Windows Free Download
- Hacker Tools 2020
- Hacker Search Tools
- Best Hacking Tools 2020
- Hacking Tools Name
- Hacker Tools Windows
- Hacker Tools Linux
- Hacking Tools Online
- Hacking Tools 2019
- Hacker Tools Mac
- Hak5 Tools
- Pentest Tools Website Vulnerability
- Pentest Tools Find Subdomains
- Hack Rom Tools
- Pentest Tools Url Fuzzer
- Pentest Tools For Ubuntu
- Hacker Tools Apk
- Pentest Tools Url Fuzzer
- Hacking Tools For Mac
- Hacking Tools Usb
- Hacker Tool Kit
- Hacking Tools Pc
posted by soci at 2:51 午前
0 Comments:
コメントを投稿
<< Home