The Pillager 0.7 Release

Saturday, August 29, 2020 11:02 PM Posted by Unknown
I spent the last couple days recoding the Pillager, getting rid of bugs, optimizing code, making it more extendable and more solid overall. So this post is to release the new code.  However, with that being said, the Pillager is in mass revision right now and I added some more developers to the team to add a whole host of new database attacking features as well as moving past databases and into other areas of post exploitation pillaging. Soon to be released..  As usual this tool and any tool i create is based on my issues when performing penetration tests and solves those problems.. If you have any insight or comments i will certainly take them into consideration for future releases.

For now check out Version 0.7.. Named searches and Data searches via external config files are now functioning properly as well as other bugs fixed along the way... Drop this in a BT5 VM and make sure you have your DB python stuff installed per the help docs and you should be good to go.  If you are looking to use oracle you are going to have to install all the oracle nonsense from oracle or use a BT4r2 vm which has most of the needed drivers minus cxoracle which will need to be installed.

http://consolecowboys.org/pillager/pillage_0.7.zip



Ficti0n$ python pillager.py
 
[---] The Database Pillager (DBPillage) [---]
[---] CcLabs Release [---]
[---] Authors: Ficti0n, [---]
[---] Contributors: Steponequit [---]
[---] Version: 0.7 [---]
[---] Find Me On Twitter: ficti0n [---]
[---] Homepage: http://console-cowboys.blogspot.com [---]

Release Notes:
 --Fixed bugs and optimized code
 --Added Docstrings
 --Fixed Named and Data searches from config files                 

About:
The Database Pillager is a multiplatform database tool for searching and browsing common
database platforms encountered while penetration testing. DBPillage can be used to search
for PCI/HIPAA data automatically or use DBPillage to browse databases,display data.
and search for specified tables/data instances.
DBpillage was designed as a post exploitation pillaging tool with a goal of targeted
extraction of data without the use of database platform specific GUI based tools that
are difficult to use and make my job harder.

Supported Platforms:
        --------------------
-Oracle
-MSSQL
-MYSQL
        -PostGreSQL
     

        Usage Examples:
        ************************************************************************
        
        For Mysql Postgres and MsSQL pillaging:
        ---------------------------------------
        python dbPillage -a [address] -d [dbType] -u [username] -p [password]
        
        
        For Oracle pillaging you need a SID connection string:
        ------------------------------------------------------
        python dbPillage-a [address]/[sid] -d [dbType] -u [username] -p [password]
        

        Grab some hashes and Hipaa specific:(Default is PCI)
        ------------------------------------
        python dbPillage -a [address] -d [dbType] -u [username] -p [password] --hashes -s hipaa


Drop into a SQL CMDShell:
-------------------------
        python dbpillage.py -a [address] -d [dbType] -u [username] -p [password] -q

Config file specified searches:
-------------------------------
Search for data Items from inputFiles/data.txt:
        python dbpillage.py -a [address] -d [dbType] -u [username] -p [password] -D

Search for specific table names from inputFiles/tables.txt:
python dbpillage.py -a [address] -d [dbType] -u [username] -p [password] -N

     
     
        Switch Options:
        ---------------------
        -# --hashes = grab database password hashes
        -l --limit  = limit the amount of rows that are searched or when displaying data (options = any number)
        -s --searchType = Type of data search you want to perform (options:pci, hipaa, all)(PCI default)
        -u --user = Database servers username
        -p --pass = Password for the database server
        -a --address = Ipaddress of the database server
        -d --database = The database type you are pillageing (options: mssql,mysql,oracle,postgres)
        -r --report = report format (HTML, XML, screen(default))
        -N --nameSearch = Search via inputFiles/tables.txt
        -D --dataSearch = Targeted data searches per inputFiles/data.txt
-q --queryShell = Drop into a SQL CMDshell in mysql or mssql
     
     
        Prerequisites:
        -------------
        python v2  (Tested on Python 2.5.2 BT4 R2 and BT5 R3 - Oracle stuff on BT4r2 only unless you install the drivers from oracle)
        cx_oracle (cx-oracle.sourceforge.net)
        psycopg2  (initd.org/psycopg/download/)
        MySQLdb   (should be on BT by default)
        pymssql   (should be on BT by default)
     

Continue reading


  1. Nsa Hack Tools Download
  2. Hacking Tools Hardware
  3. New Hack Tools
  4. Pentest Tools Free
  5. Pentest Tools For Mac
  6. Hacking Tools For Beginners
  7. Nsa Hack Tools Download
  8. Hacker
  9. Hacking App
  10. Hacker Tools Online
  11. Pentest Tools Apk
  12. Hacker Tools
  13. Hacking Tools Windows 10
  14. Hack And Tools
  15. Hacker Tools Linux
  16. Pentest Tools Bluekeep
  17. Hacker Tools For Ios
  18. Pentest Tools Linux
  19. Hacking Apps
  20. Hack Website Online Tool
  21. Bluetooth Hacking Tools Kali
  22. Hacking Tools Name
  23. Pentest Tools For Mac
  24. Hacker Tools Free Download
  25. Hacker Tools Mac
  26. Pentest Tools Bluekeep
  27. Pentest Tools Website Vulnerability
  28. Hackrf Tools
  29. Hacker Tools
  30. Hacking Tools For Windows
  31. Hacking Tools Download
  32. New Hack Tools
  33. Hacker Tools Windows
  34. Hack Apps
  35. Physical Pentest Tools
  36. Hacker Tools Free Download
  37. Pentest Tools List
  38. Hacker Techniques Tools And Incident Handling
  39. New Hack Tools
  40. Pentest Reporting Tools
  41. Nsa Hacker Tools
  42. New Hack Tools
  43. Pentest Reporting Tools
  44. Pentest Tools Free
  45. Hack Tools Mac
  46. Hacking Tools Kit
  47. Hacker Tools Windows
  48. Hacking Tools For Windows 7
  49. Hacking Tools Pc
  50. Hacker Tools Github
  51. Hackers Toolbox
  52. How To Make Hacking Tools
  53. Hacking Tools 2019
  54. Hacker
  55. Nsa Hacker Tools
  56. New Hacker Tools
  57. Pentest Reporting Tools
  58. Best Pentesting Tools 2018
  59. How To Install Pentest Tools In Ubuntu
  60. Nsa Hack Tools
  61. Hacking Tools Windows
  62. Hacker Techniques Tools And Incident Handling
  63. Hack Tools For Games
  64. Tools For Hacker
  65. Pentest Tools Nmap
  66. Hacking Tools 2020
  67. Hacking Tools For Games
  68. Hacker Tools Hardware
  69. Install Pentest Tools Ubuntu
  70. Hacker Tools Hardware
  71. Hacking Tools Kit
  72. Hack Rom Tools
  73. Hack Tools Download
  74. Hacker Tools For Pc
  75. Hacking Tools Name
  76. Pentest Tools Online
  77. Wifi Hacker Tools For Windows
  78. Pentest Tools For Mac
  79. Pentest Tools Download
  80. Hacking Tools Github
  81. Hacking Tools Windows
  82. Hacking Tools For Kali Linux
  83. Hack Tools For Windows
  84. Pentest Tools Linux
  85. Hacker Security Tools
  86. Hack Website Online Tool
  87. Hacker Tools Windows
  88. Pentest Tools Tcp Port Scanner
  89. Hacking Tools Github
  90. Hack Tools For Ubuntu
  91. Hack Tools
  92. Hacking Tools For Windows Free Download
  93. Hacker Tools Online
  94. Pentest Tools Linux
  95. Black Hat Hacker Tools
  96. Hacking Tools And Software
  97. Computer Hacker
  98. Best Hacking Tools 2020
  99. Hacking Tools For Games
  100. Ethical Hacker Tools
  101. Hacker Search Tools
  102. Hacking Tools 2019
0 comments
0 Responses

Post a Comment

Subscribe to: Post Comments (Atom)
abcs