For now check out Version 0.7.. Named searches and Data searches via external config files are now functioning properly as well as other bugs fixed along the way... Drop this in a BT5 VM and make sure you have your DB python stuff installed per the help docs and you should be good to go. If you are looking to use oracle you are going to have to install all the oracle nonsense from oracle or use a BT4r2 vm which has most of the needed drivers minus cxoracle which will need to be installed.
http://consolecowboys.org/pillager/pillage_0.7.zip
Ficti0n$ python pillager.py
[---] The Database Pillager (DBPillage) [---]
[---] CcLabs Release [---]
[---] Authors: Ficti0n, [---]
[---] Contributors: Steponequit [---]
[---] Version: 0.7 [---]
[---] Find Me On Twitter: ficti0n [---]
[---] Homepage: http://console-cowboys.blogspot.com [---]
Release Notes:
--Fixed bugs and optimized code
--Added Docstrings
--Fixed Named and Data searches from config files
About:
The Database Pillager is a multiplatform database tool for searching and browsing common
database platforms encountered while penetration testing. DBPillage can be used to search
for PCI/HIPAA data automatically or use DBPillage to browse databases,display data.
and search for specified tables/data instances.
DBpillage was designed as a post exploitation pillaging tool with a goal of targeted
extraction of data without the use of database platform specific GUI based tools that
are difficult to use and make my job harder.
Supported Platforms:
--------------------
-Oracle
-MSSQL
-MYSQL
-PostGreSQL
Usage Examples:
************************************************************************
For Mysql Postgres and MsSQL pillaging:
---------------------------------------
python dbPillage -a [address] -d [dbType] -u [username] -p [password]
For Oracle pillaging you need a SID connection string:
------------------------------------------------------
python dbPillage-a [address]/[sid] -d [dbType] -u [username] -p [password]
Grab some hashes and Hipaa specific:(Default is PCI)
------------------------------------
python dbPillage -a [address] -d [dbType] -u [username] -p [password] --hashes -s hipaa
Drop into a SQL CMDShell:
-------------------------
python dbpillage.py -a [address] -d [dbType] -u [username] -p [password] -q
Config file specified searches:
-------------------------------
Search for data Items from inputFiles/data.txt:
python dbpillage.py -a [address] -d [dbType] -u [username] -p [password] -D
Search for specific table names from inputFiles/tables.txt:
python dbpillage.py -a [address] -d [dbType] -u [username] -p [password] -N
Switch Options:
---------------------
-# --hashes = grab database password hashes
-l --limit = limit the amount of rows that are searched or when displaying data (options = any number)
-s --searchType = Type of data search you want to perform (options:pci, hipaa, all)(PCI default)
-u --user = Database servers username
-p --pass = Password for the database server
-a --address = Ipaddress of the database server
-d --database = The database type you are pillageing (options: mssql,mysql,oracle,postgres)
-r --report = report format (HTML, XML, screen(default))
-N --nameSearch = Search via inputFiles/tables.txt
-D --dataSearch = Targeted data searches per inputFiles/data.txt
-q --queryShell = Drop into a SQL CMDshell in mysql or mssql
Prerequisites:
-------------
python v2 (Tested on Python 2.5.2 BT4 R2 and BT5 R3 - Oracle stuff on BT4r2 only unless you install the drivers from oracle)
cx_oracle (cx-oracle.sourceforge.net)
psycopg2 (initd.org/psycopg/download/)
MySQLdb (should be on BT by default)
pymssql (should be on BT by default)
Related word
- Pentest Tools For Ubuntu
- Pentest Tools Framework
- Wifi Hacker Tools For Windows
- Tools For Hacker
- Underground Hacker Sites
- Hacker Tools List
- Hacker
- Hacker Tools 2020
- Hack Tools For Games
- Hacker Tools Free
- Hacking Tools Kit
- Hack Tools Online
- Pentest Tools Alternative
- Hacker Tools Github
- Hacker Tools Github
- Pentest Tools Download
- Hack And Tools
- Hacker Tools
- Hack Tools For Pc
- Hack App
- Hak5 Tools
- Hak5 Tools
- Pentest Tools Windows
- Pentest Tools Windows
- Pentest Tools Online
- Pentest Tools List
- Physical Pentest Tools
- Hacker Tools 2019
- Beginner Hacker Tools
- Usb Pentest Tools
- Pentest Tools Framework
- Hacking Tools For Beginners
- Growth Hacker Tools
- Pentest Tools Windows
- Hacks And Tools
- Hack Tools For Games
- Hacking Tools 2019
- Hack App
- How To Make Hacking Tools
- Hack Tools For Pc
- Hacker Tools For Ios
- Pentest Tools Kali Linux
- Pentest Tools Android
- Hacker Tools Mac
- Hacking Tools For Windows 7
- Hacker Tool Kit
- Pentest Tools Bluekeep
- Hacking Tools Download
- Pentest Tools Alternative
- Nsa Hack Tools Download
- Hack Tools Pc
- Top Pentest Tools
- Blackhat Hacker Tools
- Hacker Tool Kit
- What Is Hacking Tools
- Hack Tools Mac
- Nsa Hacker Tools
- Pentest Tools Tcp Port Scanner
- Hacking Tools Github
- New Hacker Tools
- Nsa Hack Tools Download
- Hacker Search Tools
- Hacking Tools Hardware
- Hack Tool Apk No Root
- Pentest Tools Bluekeep
- Pentest Tools Framework
- Hack Tools For Mac
- Best Pentesting Tools 2018
- Pentest Tools Review
- Hacking Tools For Beginners
- Hacking Tools For Kali Linux
- Hacker Tools 2019
- Pentest Tools Kali Linux
- Pentest Tools Github
- Free Pentest Tools For Windows
- Top Pentest Tools
- Hacking Tools
- Free Pentest Tools For Windows
- Hacking Tools Kit
- Hacking App
- Hacker Security Tools
- Hack Tools For Ubuntu
- Pentest Tools Port Scanner
- Pentest Tools Tcp Port Scanner
- Pentest Tools Subdomain
- Bluetooth Hacking Tools Kali
- Best Hacking Tools 2019
- Nsa Hack Tools Download
- Hack Tools For Pc
- Pentest Tools Open Source
- Hack Tools Pc
- Hacking Tools Hardware
- Hacking Tools 2020
- Hack Tools Online
- Best Hacking Tools 2019
- Hacker Hardware Tools
- Pentest Tools Alternative
- Hack And Tools
- Hack Tools For Mac
- World No 1 Hacker Software
- Pentest Tools Website
- Pentest Tools Find Subdomains
Tidak ada komentar:
Posting Komentar