sexta-feira, 28 de agosto de 2020

The Pillager 0.7 Release

I spent the last couple days recoding the Pillager, getting rid of bugs, optimizing code, making it more extendable and more solid overall. So this post is to release the new code.  However, with that being said, the Pillager is in mass revision right now and I added some more developers to the team to add a whole host of new database attacking features as well as moving past databases and into other areas of post exploitation pillaging. Soon to be released..  As usual this tool and any tool i create is based on my issues when performing penetration tests and solves those problems.. If you have any insight or comments i will certainly take them into consideration for future releases.

For now check out Version 0.7.. Named searches and Data searches via external config files are now functioning properly as well as other bugs fixed along the way... Drop this in a BT5 VM and make sure you have your DB python stuff installed per the help docs and you should be good to go.  If you are looking to use oracle you are going to have to install all the oracle nonsense from oracle or use a BT4r2 vm which has most of the needed drivers minus cxoracle which will need to be installed.

http://consolecowboys.org/pillager/pillage_0.7.zip



Ficti0n$ python pillager.py
 
[---] The Database Pillager (DBPillage) [---]
[---] CcLabs Release [---]
[---] Authors: Ficti0n, [---]
[---] Contributors: Steponequit [---]
[---] Version: 0.7 [---]
[---] Find Me On Twitter: ficti0n [---]
[---] Homepage: http://console-cowboys.blogspot.com [---]

Release Notes:
 --Fixed bugs and optimized code
 --Added Docstrings
 --Fixed Named and Data searches from config files                 

About:
The Database Pillager is a multiplatform database tool for searching and browsing common
database platforms encountered while penetration testing. DBPillage can be used to search
for PCI/HIPAA data automatically or use DBPillage to browse databases,display data.
and search for specified tables/data instances.
DBpillage was designed as a post exploitation pillaging tool with a goal of targeted
extraction of data without the use of database platform specific GUI based tools that
are difficult to use and make my job harder.

Supported Platforms:
        --------------------
-Oracle
-MSSQL
-MYSQL
        -PostGreSQL
     

        Usage Examples:
        ************************************************************************
        
        For Mysql Postgres and MsSQL pillaging:
        ---------------------------------------
        python dbPillage -a [address] -d [dbType] -u [username] -p [password]
        
        
        For Oracle pillaging you need a SID connection string:
        ------------------------------------------------------
        python dbPillage-a [address]/[sid] -d [dbType] -u [username] -p [password]
        

        Grab some hashes and Hipaa specific:(Default is PCI)
        ------------------------------------
        python dbPillage -a [address] -d [dbType] -u [username] -p [password] --hashes -s hipaa


Drop into a SQL CMDShell:
-------------------------
        python dbpillage.py -a [address] -d [dbType] -u [username] -p [password] -q

Config file specified searches:
-------------------------------
Search for data Items from inputFiles/data.txt:
        python dbpillage.py -a [address] -d [dbType] -u [username] -p [password] -D

Search for specific table names from inputFiles/tables.txt:
python dbpillage.py -a [address] -d [dbType] -u [username] -p [password] -N

     
     
        Switch Options:
        ---------------------
        -# --hashes = grab database password hashes
        -l --limit  = limit the amount of rows that are searched or when displaying data (options = any number)
        -s --searchType = Type of data search you want to perform (options:pci, hipaa, all)(PCI default)
        -u --user = Database servers username
        -p --pass = Password for the database server
        -a --address = Ipaddress of the database server
        -d --database = The database type you are pillageing (options: mssql,mysql,oracle,postgres)
        -r --report = report format (HTML, XML, screen(default))
        -N --nameSearch = Search via inputFiles/tables.txt
        -D --dataSearch = Targeted data searches per inputFiles/data.txt
-q --queryShell = Drop into a SQL CMDshell in mysql or mssql
     
     
        Prerequisites:
        -------------
        python v2  (Tested on Python 2.5.2 BT4 R2 and BT5 R3 - Oracle stuff on BT4r2 only unless you install the drivers from oracle)
        cx_oracle (cx-oracle.sourceforge.net)
        psycopg2  (initd.org/psycopg/download/)
        MySQLdb   (should be on BT by default)
        pymssql   (should be on BT by default)
     

Related links


  1. Top Pentest Tools
  2. Pentest Tools Windows
  3. Easy Hack Tools
  4. Hack Rom Tools
  5. Tools Used For Hacking
  6. Usb Pentest Tools
  7. Best Hacking Tools 2020
  8. Pentest Tools Windows
  9. Termux Hacking Tools 2019
  10. Hacking App
  11. Computer Hacker
  12. Hacking Tools Software
  13. Hacker
  14. Hacking Tools Windows
  15. Tools Used For Hacking
  16. Pentest Tools
  17. Hacking Tools For Windows
  18. Hacking Tools Kit
  19. Pentest Tools Website Vulnerability
  20. Pentest Automation Tools
  21. Game Hacking
  22. Hack Tools 2019
  23. Github Hacking Tools
  24. Top Pentest Tools
  25. Hacker Search Tools
  26. Pentest Tools Android
  27. Hacking Tools Mac
  28. Hacking Tools Online
  29. Hacking Tools Download
  30. Underground Hacker Sites
  31. Hackrf Tools
  32. Hackrf Tools
  33. Hacking Tools For Windows
  34. Game Hacking
  35. New Hack Tools
  36. What Are Hacking Tools
  37. Nsa Hack Tools Download
  38. Hack Tools Pc
  39. Pentest Tools For Ubuntu
  40. Hacking Tools Mac
  41. Hack Tools Download
  42. Best Hacking Tools 2020
  43. Pentest Tools Url Fuzzer
  44. Pentest Tools Alternative
  45. Hacking Tools For Windows
  46. Install Pentest Tools Ubuntu
  47. Hacking Tools Pc
  48. Computer Hacker
  49. Tools For Hacker
  50. Hacker Tools Apk Download
  51. What Is Hacking Tools
  52. Hacking Tools Free Download
  53. Hacking Tools Usb
  54. Pentest Tools
  55. Pentest Tools Review
  56. Hack Tools
  57. Best Hacking Tools 2019
  58. Game Hacking
  59. World No 1 Hacker Software
  60. Hacker Tools Free Download
  61. Hacker Tools 2019
  62. Hacking Tools For Windows Free Download
  63. Hacker Tools Windows
  64. Hacking Tools Name
  65. Pentest Tools Website
  66. Hacker Tools Windows
  67. Hacking Tools Software
  68. Hacker Tools For Pc
  69. New Hack Tools
  70. Hacker Tool Kit
  71. Hacking Tools Free Download
  72. Pentest Tools List
  73. Pentest Tools Alternative
  74. Hacker Tools Windows
  75. Hack Tools For Windows
  76. Hacking Tools For Windows Free Download
  77. Hack App
  78. Hacking Tools Kit
  79. Pentest Tools Tcp Port Scanner
  80. Hacker Tools Software
  81. Hacking Tools 2020
  82. Pentest Tools Windows
  83. Nsa Hack Tools
  84. Pentest Tools Find Subdomains
  85. Hack Tools Github
  86. Pentest Tools For Mac
  87. Hacking Tools For Windows 7
  88. Hack Tools For Pc
  89. Hacker Tools Free
  90. Pentest Tools Download
  91. Best Hacking Tools 2019
  92. Hacker Tools Mac
  93. Pentest Tools Website
  94. Pentest Tools Framework
  95. Pentest Tools Apk
  96. Hacker Tools Free Download
  97. Hack And Tools
  98. Hacking Apps
  99. Physical Pentest Tools
  100. Hacking Tools Pc
  101. Hacking Tools Name
  102. Hacking Tools For Games
  103. Pentest Tools Subdomain
  104. Hack Tools 2019
  105. Hacker Tools Online
  106. Hacker Tools Online
Postado por às

Nenhum comentário:

Postar um comentário

Assinar: Postar comentários (Atom)