Woensdag 26 Augustus 2020

The Pillager 0.7 Release

I spent the last couple days recoding the Pillager, getting rid of bugs, optimizing code, making it more extendable and more solid overall. So this post is to release the new code.  However, with that being said, the Pillager is in mass revision right now and I added some more developers to the team to add a whole host of new database attacking features as well as moving past databases and into other areas of post exploitation pillaging. Soon to be released..  As usual this tool and any tool i create is based on my issues when performing penetration tests and solves those problems.. If you have any insight or comments i will certainly take them into consideration for future releases.

For now check out Version 0.7.. Named searches and Data searches via external config files are now functioning properly as well as other bugs fixed along the way... Drop this in a BT5 VM and make sure you have your DB python stuff installed per the help docs and you should be good to go.  If you are looking to use oracle you are going to have to install all the oracle nonsense from oracle or use a BT4r2 vm which has most of the needed drivers minus cxoracle which will need to be installed.

http://consolecowboys.org/pillager/pillage_0.7.zip



Ficti0n$ python pillager.py
 
[---] The Database Pillager (DBPillage) [---]
[---] CcLabs Release [---]
[---] Authors: Ficti0n, [---]
[---] Contributors: Steponequit [---]
[---] Version: 0.7 [---]
[---] Find Me On Twitter: ficti0n [---]
[---] Homepage: http://console-cowboys.blogspot.com [---]

Release Notes:
 --Fixed bugs and optimized code
 --Added Docstrings
 --Fixed Named and Data searches from config files                 

About:
The Database Pillager is a multiplatform database tool for searching and browsing common
database platforms encountered while penetration testing. DBPillage can be used to search
for PCI/HIPAA data automatically or use DBPillage to browse databases,display data.
and search for specified tables/data instances.
DBpillage was designed as a post exploitation pillaging tool with a goal of targeted
extraction of data without the use of database platform specific GUI based tools that
are difficult to use and make my job harder.

Supported Platforms:
        --------------------
-Oracle
-MSSQL
-MYSQL
        -PostGreSQL
     

        Usage Examples:
        ************************************************************************
        
        For Mysql Postgres and MsSQL pillaging:
        ---------------------------------------
        python dbPillage -a [address] -d [dbType] -u [username] -p [password]
        
        
        For Oracle pillaging you need a SID connection string:
        ------------------------------------------------------
        python dbPillage-a [address]/[sid] -d [dbType] -u [username] -p [password]
        

        Grab some hashes and Hipaa specific:(Default is PCI)
        ------------------------------------
        python dbPillage -a [address] -d [dbType] -u [username] -p [password] --hashes -s hipaa


Drop into a SQL CMDShell:
-------------------------
        python dbpillage.py -a [address] -d [dbType] -u [username] -p [password] -q

Config file specified searches:
-------------------------------
Search for data Items from inputFiles/data.txt:
        python dbpillage.py -a [address] -d [dbType] -u [username] -p [password] -D

Search for specific table names from inputFiles/tables.txt:
python dbpillage.py -a [address] -d [dbType] -u [username] -p [password] -N

     
     
        Switch Options:
        ---------------------
        -# --hashes = grab database password hashes
        -l --limit  = limit the amount of rows that are searched or when displaying data (options = any number)
        -s --searchType = Type of data search you want to perform (options:pci, hipaa, all)(PCI default)
        -u --user = Database servers username
        -p --pass = Password for the database server
        -a --address = Ipaddress of the database server
        -d --database = The database type you are pillageing (options: mssql,mysql,oracle,postgres)
        -r --report = report format (HTML, XML, screen(default))
        -N --nameSearch = Search via inputFiles/tables.txt
        -D --dataSearch = Targeted data searches per inputFiles/data.txt
-q --queryShell = Drop into a SQL CMDshell in mysql or mssql
     
     
        Prerequisites:
        -------------
        python v2  (Tested on Python 2.5.2 BT4 R2 and BT5 R3 - Oracle stuff on BT4r2 only unless you install the drivers from oracle)
        cx_oracle (cx-oracle.sourceforge.net)
        psycopg2  (initd.org/psycopg/download/)
        MySQLdb   (should be on BT by default)
        pymssql   (should be on BT by default)
     

Related posts

  1. Hacking Tools Free Download
  2. Hacking Tools For Windows
  3. Free Pentest Tools For Windows
  4. Hacker Tools Windows
  5. Hacker Tools Windows
  6. Pentest Tools Open Source
  7. Install Pentest Tools Ubuntu
  8. Hacking Apps
  9. Hackers Toolbox
  10. Pentest Tools For Android
  11. Hack Apps
  12. Hackers Toolbox
  13. Hack Tools Online
  14. Hacking Tools For Games
  15. Hacking Tools Windows 10
  16. Hacker Tools
  17. Hacking Tools For Mac
  18. Nsa Hack Tools
  19. Pentest Tools Apk
  20. Hacking Tools Kit
  21. Hack Tools For Ubuntu
  22. Pentest Tools Tcp Port Scanner
  23. Hack Tools Github
  24. Hack Apps
  25. Hacker Tools
  26. Hacker Tools For Pc
  27. Pentest Tools Alternative
  28. Pentest Tools Android
  29. Hack Tools For Windows
  30. Hacking Tools Software
  31. Hacker Tools Github
  32. Best Hacking Tools 2019
  33. Pentest Tools Port Scanner
  34. Best Hacking Tools 2019
  35. Tools 4 Hack
  36. Hacker Tools For Pc
  37. Best Hacking Tools 2019
  38. Top Pentest Tools
  39. Android Hack Tools Github
  40. Hack Apps
  41. Hack And Tools
  42. Pentest Tools Linux
  43. Hackrf Tools
  44. Pentest Tools Bluekeep
  45. Termux Hacking Tools 2019
  46. How To Make Hacking Tools
  47. Best Hacking Tools 2020
  48. Hacker Tools For Mac
  49. Hack Tools For Games
  50. Hacking Tools For Mac
  51. Hacking Tools For Windows 7
  52. Hacker Search Tools
  53. Pentest Tools Windows
  54. Physical Pentest Tools
  55. Hacker Tools Hardware
  56. Best Hacking Tools 2019
  57. Pentest Reporting Tools
  58. Easy Hack Tools
  59. Pentest Tools For Android
  60. Hacking Tools And Software
  61. World No 1 Hacker Software
  62. Hack Tools
  63. Beginner Hacker Tools
  64. Hacking Tools Github
  65. Hack Tools For Mac
  66. New Hack Tools
  67. Hacking Tools For Beginners
  68. Hacker Tools For Pc
  69. Hacking Tools For Mac
  70. Hacker Tools Free
  71. How To Make Hacking Tools
  72. Hackers Toolbox
  73. Pentest Tools Website
  74. Best Pentesting Tools 2018
  75. Hacker Tools For Windows
  76. Hack Tools
  77. Best Hacking Tools 2019
  78. Pentest Tools For Ubuntu
  79. Hak5 Tools
  80. Hacker Tools 2020
  81. Hacker Tools Free
  82. Hacking Tools For Kali Linux
  83. Hacking Tools For Pc
  84. Tools 4 Hack
  85. Hacking Tools And Software
  86. Hacking Tools Windows 10
  87. Hak5 Tools
  88. Hack Tool Apk
  89. Pentest Tools Kali Linux
  90. Hacking Tools For Games
  91. Hack Tools For Ubuntu
  92. Hack Rom Tools

Geen opmerkings nie:

Plaas 'n opmerking