Thursday, 20 August 2020

The Pillager 0.7 Release

I spent the last couple of days recoding the Pillager, getting rid of bugs, optimizing code, and making it more extendable and more solid overall, so this post is to release the new code. That said, the Pillager is in mass revision right now, and I added some more developers to the team to add a whole host of new database attacking features, as well as moving past databases and into other areas of post-exploitation pillaging. Soon to be released. As usual, this tool, like any tool I create, is based on my issues when performing penetration tests and solves those problems. If you have any insight or comments, I will certainly take them into consideration for future releases.

For now, check out version 0.7. Named searches and data searches via external config files are now functioning properly, and other bugs were fixed along the way. Drop this in a BT5 VM, make sure you have your DB Python stuff installed per the help docs, and you should be good to go. If you are looking to use Oracle, you are going to have to install all the Oracle nonsense from Oracle or use a BT4r2 VM, which has most of the needed drivers minus cx_oracle, which will need to be installed.

http://consolecowboys.org/pillager/pillage_0.7.zip



Ficti0n$ python pillager.py
 
[---] The Database Pillager (DBPillage) [---]
[---] CcLabs Release [---]
[---] Authors: Ficti0n, [---]
[---] Contributors: Steponequit [---]
[---] Version: 0.7 [---]
[---] Find Me On Twitter: ficti0n [---]
[---] Homepage: http://console-cowboys.blogspot.com [---]

Release Notes:
 --Fixed bugs and optimized code
 --Added Docstrings
 --Fixed Named and Data searches from config files                 

About:
The Database Pillager is a multiplatform database tool for searching and browsing common
database platforms encountered while penetration testing. DBPillage can be used to search
for PCI/HIPAA data automatically or use DBPillage to browse databases,display data.
and search for specified tables/data instances.
DBpillage was designed as a post exploitation pillaging tool with a goal of targeted
extraction of data without the use of database platform specific GUI based tools that
are difficult to use and make my job harder.

Supported Platforms:
--------------------
-Oracle
-MSSQL
-MYSQL
-PostGreSQL

Usage Examples:
************************************************************************

For Mysql Postgres and MsSQL pillaging:
---------------------------------------
python dbPillage -a [address] -d [dbType] -u [username] -p [password]

For Oracle pillaging you need a SID connection string:
------------------------------------------------------
python dbPillage-a [address]/[sid] -d [dbType] -u [username] -p [password]

Grab some hashes and Hipaa specific:(Default is PCI)
------------------------------------
python dbPillage -a [address] -d [dbType] -u [username] -p [password] --hashes -s hipaa

Drop into a SQL CMDShell:
-------------------------
python dbpillage.py -a [address] -d [dbType] -u [username] -p [password] -q

Config file specified searches:
-------------------------------
Search for data Items from inputFiles/data.txt:
python dbpillage.py -a [address] -d [dbType] -u [username] -p [password] -D

Search for specific table names from inputFiles/tables.txt:
python dbpillage.py -a [address] -d [dbType] -u [username] -p [password] -N

Switch Options:
---------------------
-# --hashes = grab database password hashes
-l --limit  = limit the amount of rows that are searched or when displaying data (options = any number)
-s --searchType = Type of data search you want to perform (options:pci, hipaa, all)(PCI default)
-u --user = Database servers username
-p --pass = Password for the database server
-a --address = Ipaddress of the database server
-d --database = The database type you are pillageing (options: mssql,mysql,oracle,postgres)
-r --report = report format (HTML, XML, screen(default))
-N --nameSearch = Search via inputFiles/tables.txt
-D --dataSearch = Targeted data searches per inputFiles/data.txt
-q --queryShell = Drop into a SQL CMDshell in mysql or mssql

Prerequisites:
-------------
python v2  (Tested on Python 2.5.2 BT4 R2 and BT5 R3 - Oracle stuff on BT4r2 only unless you install the drivers from oracle)
cx_oracle (cx-oracle.sourceforge.net)
psycopg2  (initd.org/psycopg/download/)
MySQLdb   (should be on BT by default)
pymssql   (should be on BT by default)
