I spent the last couple days recoding the Pillager, getting rid of bugs, optimizing code, making it more extendable and more solid overall. So this post is to release the new code. However, with that being said, the Pillager is in mass revision right now and I added some more developers to the team to add a whole host of new database attacking features as well as moving past databases and into other areas of post exploitation pillaging. Soon to be released.. As usual this tool and any tool i create is based on my issues when performing penetration tests and solves those problems.. If you have any insight or comments i will certainly take them into consideration for future releases.
For now check out Version 0.7.. Named searches and Data searches via external config files are now functioning properly as well as other bugs fixed along the way... Drop this in a BT5 VM and make sure you have your DB python stuff installed per the help docs and you should be good to go. If you are looking to use oracle you are going to have to install all the oracle nonsense from oracle or use a BT4r2 vm which has most of the needed drivers minus cxoracle which will need to be installed.
http://consolecowboys.org/pillager/pillage_0.7.zip
Ficti0n$ python pillager.py
[---] The Database Pillager (DBPillage) [---]
[---] CcLabs Release [---]
[---] Authors: Ficti0n, [---]
[---] Contributors: Steponequit [---]
[---] Version: 0.7 [---]
[---] Find Me On Twitter: ficti0n [---]
[---] Homepage: http://console-cowboys.blogspot.com [---]
Release Notes:
--Fixed bugs and optimized code
--Added Docstrings
--Fixed Named and Data searches from config files
About:
The Database Pillager is a multiplatform database tool for searching and browsing common
database platforms encountered while penetration testing. DBPillage can be used to search
for PCI/HIPAA data automatically or use DBPillage to browse databases,display data.
and search for specified tables/data instances.
DBpillage was designed as a post exploitation pillaging tool with a goal of targeted
extraction of data without the use of database platform specific GUI based tools that
are difficult to use and make my job harder.
Supported Platforms:
--------------------
-Oracle
-MSSQL
-MYSQL
-PostGreSQL
Usage Examples:
************************************************************************
For Mysql Postgres and MsSQL pillaging:
---------------------------------------
python dbPillage -a [address] -d [dbType] -u [username] -p [password]
For Oracle pillaging you need a SID connection string:
------------------------------------------------------
python dbPillage-a [address]/[sid] -d [dbType] -u [username] -p [password]
Grab some hashes and Hipaa specific:(Default is PCI)
------------------------------------
python dbPillage -a [address] -d [dbType] -u [username] -p [password] --hashes -s hipaa
Drop into a SQL CMDShell:
-------------------------
python dbpillage.py -a [address] -d [dbType] -u [username] -p [password] -q
Config file specified searches:
-------------------------------
Search for data Items from inputFiles/data.txt:
python dbpillage.py -a [address] -d [dbType] -u [username] -p [password] -D
Search for specific table names from inputFiles/tables.txt:
python dbpillage.py -a [address] -d [dbType] -u [username] -p [password] -N
Switch Options:
---------------------
-# --hashes = grab database password hashes
-l --limit = limit the amount of rows that are searched or when displaying data (options = any number)
-s --searchType = Type of data search you want to perform (options:pci, hipaa, all)(PCI default)
-u --user = Database servers username
-p --pass = Password for the database server
-a --address = Ipaddress of the database server
-d --database = The database type you are pillageing (options: mssql,mysql,oracle,postgres)
-r --report = report format (HTML, XML, screen(default))
-N --nameSearch = Search via inputFiles/tables.txt
-D --dataSearch = Targeted data searches per inputFiles/data.txt
-q --queryShell = Drop into a SQL CMDshell in mysql or mssql
Prerequisites:
-------------
python v2 (Tested on Python 2.5.2 BT4 R2 and BT5 R3 - Oracle stuff on BT4r2 only unless you install the drivers from oracle)
cx_oracle (cx-oracle.sourceforge.net)
psycopg2 (initd.org/psycopg/download/)
MySQLdb (should be on BT by default)
pymssql (should be on BT by default)
More info
- Hack Tools For Games
- Pentest Tools Nmap
- Hacking Tools
- Hacking Tools Kit
- Hacker Tools Hardware
- Hack Tools For Windows
- Nsa Hacker Tools
- Physical Pentest Tools
- Hacking Tools Mac
- Hacking Tools Hardware
- Hacking Tools For Pc
- Hack Rom Tools
- Hacking Tools Name
- Hacking Tools Hardware
- Pentest Tools Android
- Hacking Tools For Pc
- Pentest Tools Github
- Hack Website Online Tool
- Pentest Tools List
- Kik Hack Tools
- Pentest Tools Subdomain
- Hack Tools
- Computer Hacker
- Best Pentesting Tools 2018
- Hacker Tools Github
- What Is Hacking Tools
- Hacking Apps
- Free Pentest Tools For Windows
- Hacking Tools For Mac
- Hack Tools Mac
- What Are Hacking Tools
- Pentest Tools
- Hacking Apps
- Hack Tools 2019
- Easy Hack Tools
- Hacking Tools Software
- Computer Hacker
- Hacker Tools For Mac
- Hacker Tools 2019
- Kik Hack Tools
- Hacking App
- Nsa Hacker Tools
- Pentest Tools Bluekeep
- Bluetooth Hacking Tools Kali
- Pentest Tools Free
- Easy Hack Tools
- New Hacker Tools
- Hacking Tools For Games
- Physical Pentest Tools
- Hack Tools For Windows
- Hack Tools For Pc
- Pentest Tools Url Fuzzer
- Pentest Tools Alternative
- Hack Tool Apk
- Hacker Tools Apk Download
- Pentest Tools Alternative
- Bluetooth Hacking Tools Kali
- Hacking Tools 2020
- Hacker Tools 2019
- Hacking Tools Github
- How To Hack
- Hack Tools For Windows
- Pentest Tools Android
- Hacker Hardware Tools
- Hack Tools For Windows
- Hacker Tools Linux
- Best Hacking Tools 2019
- Hacker Tools Software
- Pentest Tools Bluekeep
- What Are Hacking Tools
- Android Hack Tools Github
- Hacker Tools For Ios
- Pentest Tools Tcp Port Scanner
- Pentest Tools
- Hacker Tool Kit
- Pentest Automation Tools
- Pentest Tools List
- Android Hack Tools Github
- Pentest Tools Url Fuzzer
- Hacker Tools Hardware
- Pentest Tools Website
- Hacker Tools Online
- Pentest Tools Website
- Hack Tools Mac
- Pentest Tools Website
- Hacker Tools
- Pentest Tools Website
- Hackers Toolbox
- Nsa Hack Tools Download
- Pentest Tools Website Vulnerability
- Hack Tools For Ubuntu
- Pentest Tools Windows
- Pentest Tools Url Fuzzer
- Pentest Tools Review
- Hacking Tools Online
- Hacker Tools For Pc
- Hack Tools For Games
- Pentest Tools Open Source
- Hacker Tool Kit
- Hacking Tools Windows 10
- Hacker Hardware Tools
- Hacking Tools Software
- Hacking Tools Software
- Hack Tools
- Hack Tool Apk No Root
- Hacks And Tools
- Hacking Tools Software
- Hacking Tools Windows
- Hack Tools Github
- Hacking Apps
- Hack Rom Tools
- Hacking Tools Usb
- Hacker Tools For Ios
- Pentest Tools Android
- Hack Tools Github
- Hacking Tools 2020
- Hacker Tools Mac
- Hackrf Tools
- Pentest Tools Review
- Pentest Tools Find Subdomains
- Pentest Tools Alternative
- How To Make Hacking Tools
- Hack Tool Apk
- Pentest Tools Url Fuzzer
- Hacker Tools
- Pentest Recon Tools
- Hacking Tools Software
- Hacking Tools For Kali Linux
- Top Pentest Tools
- Pentest Tools Bluekeep
- Hack And Tools
- Hacking Tools For Games
- Hacking Tools For Beginners
- Pentest Tools Tcp Port Scanner
- Hacking Tools Download
- World No 1 Hacker Software
- Hack Tool Apk No Root
- Hacker Tools 2019
- Top Pentest Tools
Posts
