Twitter Updates

    follow me on Twitter

    List for 4.5% and get 1% cash back on your purchase

    Tuesday, May 19, 2020

    The Pillager 0.7 Release

    I spent the last couple days recoding the Pillager, getting rid of bugs, optimizing code, making it more extendable and more solid overall. So this post is to release the new code.  However, with that being said, the Pillager is in mass revision right now and I added some more developers to the team to add a whole host of new database attacking features as well as moving past databases and into other areas of post exploitation pillaging. Soon to be released..  As usual this tool and any tool i create is based on my issues when performing penetration tests and solves those problems.. If you have any insight or comments i will certainly take them into consideration for future releases.

    For now check out Version 0.7.. Named searches and Data searches via external config files are now functioning properly as well as other bugs fixed along the way... Drop this in a BT5 VM and make sure you have your DB python stuff installed per the help docs and you should be good to go.  If you are looking to use oracle you are going to have to install all the oracle nonsense from oracle or use a BT4r2 vm which has most of the needed drivers minus cxoracle which will need to be installed.

    http://consolecowboys.org/pillager/pillage_0.7.zip



    Ficti0n$ python pillager.py
     
    [---] The Database Pillager (DBPillage) [---]
    [---] CcLabs Release [---]
    [---] Authors: Ficti0n, [---]
    [---] Contributors: Steponequit [---]
    [---] Version: 0.7 [---]
    [---] Find Me On Twitter: ficti0n [---]
    [---] Homepage: http://console-cowboys.blogspot.com [---]

    Release Notes:
     --Fixed bugs and optimized code
     --Added Docstrings
     --Fixed Named and Data searches from config files                 

    About:
    The Database Pillager is a multiplatform database tool for searching and browsing common
    database platforms encountered while penetration testing. DBPillage can be used to search
    for PCI/HIPAA data automatically or use DBPillage to browse databases,display data.
    and search for specified tables/data instances.
    DBpillage was designed as a post exploitation pillaging tool with a goal of targeted
    extraction of data without the use of database platform specific GUI based tools that
    are difficult to use and make my job harder.

    Supported Platforms:
            --------------------
    -Oracle
    -MSSQL
    -MYSQL
            -PostGreSQL
         

            Usage Examples:
            ************************************************************************
            
            For Mysql Postgres and MsSQL pillaging:
            ---------------------------------------
            python dbPillage -a [address] -d [dbType] -u [username] -p [password]
            
            
            For Oracle pillaging you need a SID connection string:
            ------------------------------------------------------
            python dbPillage-a [address]/[sid] -d [dbType] -u [username] -p [password]
            

            Grab some hashes and Hipaa specific:(Default is PCI)
            ------------------------------------
            python dbPillage -a [address] -d [dbType] -u [username] -p [password] --hashes -s hipaa


    Drop into a SQL CMDShell:
    -------------------------
            python dbpillage.py -a [address] -d [dbType] -u [username] -p [password] -q

    Config file specified searches:
    -------------------------------
    Search for data Items from inputFiles/data.txt:
            python dbpillage.py -a [address] -d [dbType] -u [username] -p [password] -D

    Search for specific table names from inputFiles/tables.txt:
    python dbpillage.py -a [address] -d [dbType] -u [username] -p [password] -N

         
         
            Switch Options:
            ---------------------
            -# --hashes = grab database password hashes
            -l --limit  = limit the amount of rows that are searched or when displaying data (options = any number)
            -s --searchType = Type of data search you want to perform (options:pci, hipaa, all)(PCI default)
            -u --user = Database servers username
            -p --pass = Password for the database server
            -a --address = Ipaddress of the database server
            -d --database = The database type you are pillageing (options: mssql,mysql,oracle,postgres)
            -r --report = report format (HTML, XML, screen(default))
            -N --nameSearch = Search via inputFiles/tables.txt
            -D --dataSearch = Targeted data searches per inputFiles/data.txt
    -q --queryShell = Drop into a SQL CMDshell in mysql or mssql
         
         
            Prerequisites:
            -------------
            python v2  (Tested on Python 2.5.2 BT4 R2 and BT5 R3 - Oracle stuff on BT4r2 only unless you install the drivers from oracle)
            cx_oracle (cx-oracle.sourceforge.net)
            psycopg2  (initd.org/psycopg/download/)
            MySQLdb   (should be on BT by default)
            pymssql   (should be on BT by default)
         

    Related news

    1. Blog Seguridad Informática
    2. House Hacking
    3. Growth Hacking Definicion
    4. Hacking Articles
    5. Hacking Language
    6. Ultimate Hacking Keyboard
    7. Significado De Hacker

    No comments:

    Post a Comment

    Home for sale- $2,000 rebate!

    Ready Real Estate slide show

    Become a fan of my page

    Sheree Dutton, Reatlor, DFW, Texas on Facebook
    Powered By Blogger

    Pandora Faves

    Back on the market, price reduced, 1% cash back rebate offered

    Sheree Dutton | Ready Real Estate | 817-975-0461
    222 Birchwood, Azle, TX
    Back on the market, price reduced and 15 cash back rebate offered!
    3BR/2BA Single Family House
    offered at $102,500
    Year Built 2006
    Sq Footage 1,142
    Bedrooms 3
    Bathrooms 2 full, 0 partial
    Floors 1
    Parking 3 Covered spaces
    Lot Size .225 acres
    HOA/Maint $0 per month

    DESCRIPTION


    Wow, talk about pride of ownership! This house has too many upgrades to count, and is so well cared for. You must see it to believe it! A lot of value in this perfect starter home.

    OPEN HOUSE SUNDAY MAY 3RD 2+5 pm

    see additional photos below
    PROPERTY FEATURES

    - Central A/C - Central heat - Fireplace
    - High/Vaulted ceiling - Walk-in closet - Tile floor
    - Living room - Breakfast nook - Dishwasher
    - Refrigerator - Stove/Oven - Microwave
    - Laundry area - inside - Balcony, Deck, or Patio - Yard

    OTHER SPECIAL FEATURES

    - 1 car garage, covered carport for 2 cars
    - covered wood deck in backyard
    - gutters
    - storage shed
    - newly stained wood fence
    - electric fireplace added, with tile hearth
    - upgraded ceiling fans and light fixtures
    - island in kitchen

    ADDITIONAL PHOTOS


    Fantastic curb appeal

    covered wood deck in back

    living room

    kitchen with island

    breakfast nook

    master bedroom
    Contact info:
    Sheree Dutton
    Ready Real Estate
    817-975-0461
    For sale by agent/broker

    powered by postlets Equal Opportunity Housing
    Posted: Sep 11, 2009, 7:31am PDT

    Blog Archive