The Pillager 0.7 Release

I spent the last couple days recoding the Pillager, getting rid of bugs, optimizing code, making it more extendable and more solid overall. So this post is to release the new code.  However, with that being said, the Pillager is in mass revision right now and I added some more developers to the team to add a whole host of new database attacking features as well as moving past databases and into other areas of post exploitation pillaging. Soon to be released..  As usual this tool and any tool i create is based on my issues when performing penetration tests and solves those problems.. If you have any insight or comments i will certainly take them into consideration for future releases.

For now check out Version 0.7.. Named searches and Data searches via external config files are now functioning properly as well as other bugs fixed along the way... Drop this in a BT5 VM and make sure you have your DB python stuff installed per the help docs and you should be good to go.  If you are looking to use oracle you are going to have to install all the oracle nonsense from oracle or use a BT4r2 vm which has most of the needed drivers minus cxoracle which will need to be installed.

http://consolecowboys.org/pillager/pillage_0.7.zip



Ficti0n$ python pillager.py
 
[---] The Database Pillager (DBPillage) [---]
[---] CcLabs Release [---]
[---] Authors: Ficti0n, [---]
[---] Contributors: Steponequit [---]
[---] Version: 0.7 [---]
[---] Find Me On Twitter: ficti0n [---]
[---] Homepage: http://console-cowboys.blogspot.com [---]

Release Notes:
 --Fixed bugs and optimized code
 --Added Docstrings
 --Fixed Named and Data searches from config files                 

About:
The Database Pillager is a multiplatform database tool for searching and browsing common
database platforms encountered while penetration testing. DBPillage can be used to search
for PCI/HIPAA data automatically or use DBPillage to browse databases,display data.
and search for specified tables/data instances.
DBpillage was designed as a post exploitation pillaging tool with a goal of targeted
extraction of data without the use of database platform specific GUI based tools that
are difficult to use and make my job harder.

Supported Platforms:
        --------------------
-Oracle
-MSSQL
-MYSQL
        -PostGreSQL
     

        Usage Examples:
        ************************************************************************
        
        For Mysql Postgres and MsSQL pillaging:
        ---------------------------------------
        python dbPillage -a [address] -d [dbType] -u [username] -p [password]
        
        
        For Oracle pillaging you need a SID connection string:
        ------------------------------------------------------
        python dbPillage-a [address]/[sid] -d [dbType] -u [username] -p [password]
        

        Grab some hashes and Hipaa specific:(Default is PCI)
        ------------------------------------
        python dbPillage -a [address] -d [dbType] -u [username] -p [password] --hashes -s hipaa


Drop into a SQL CMDShell:
-------------------------
        python dbpillage.py -a [address] -d [dbType] -u [username] -p [password] -q

Config file specified searches:
-------------------------------
Search for data Items from inputFiles/data.txt:
        python dbpillage.py -a [address] -d [dbType] -u [username] -p [password] -D

Search for specific table names from inputFiles/tables.txt:
python dbpillage.py -a [address] -d [dbType] -u [username] -p [password] -N

     
     
        Switch Options:
        ---------------------
        -# --hashes = grab database password hashes
        -l --limit  = limit the amount of rows that are searched or when displaying data (options = any number)
        -s --searchType = Type of data search you want to perform (options:pci, hipaa, all)(PCI default)
        -u --user = Database servers username
        -p --pass = Password for the database server
        -a --address = Ipaddress of the database server
        -d --database = The database type you are pillageing (options: mssql,mysql,oracle,postgres)
        -r --report = report format (HTML, XML, screen(default))
        -N --nameSearch = Search via inputFiles/tables.txt
        -D --dataSearch = Targeted data searches per inputFiles/data.txt
-q --queryShell = Drop into a SQL CMDshell in mysql or mssql
     
     
        Prerequisites:
        -------------
        python v2  (Tested on Python 2.5.2 BT4 R2 and BT5 R3 - Oracle stuff on BT4r2 only unless you install the drivers from oracle)
        cx_oracle (cx-oracle.sourceforge.net)
        psycopg2  (initd.org/psycopg/download/)
        MySQLdb   (should be on BT by default)
        pymssql   (should be on BT by default)
     

More articles

1. Hack Tools For Mac
2. Hack Tools Download
3. How To Make Hacking Tools
4. Black Hat Hacker Tools
5. Hacking Tools Mac
6. Hack Tools
7. Pentest Tools Framework
8. Hacker Tools 2020
9. Hack And Tools
10. Pentest Tools Free
11. Pentest Tools List
12. Hack App
13. Hacking Tools Free Download
14. Hacker Tools Github
15. Hack Tools Online
16. Hack Tools For Mac
17. Hacking Tools Mac
18. Hack Tools 2019
19. Pentest Tools Tcp Port Scanner
20. Hacking Tools Mac
21. Hacking Tools Github
22. What Is Hacking Tools
23. Hack Tools For Pc
24. Pentest Tools Github
25. Beginner Hacker Tools
26. Install Pentest Tools Ubuntu
27. Hack Tools Github
28. Hacker Tools Mac
29. Hacker Hardware Tools
30. Hacking Tools Kit
31. Pentest Tools Open Source
32. What Are Hacking Tools
33. Pentest Tools Port Scanner
34. Pentest Tools Subdomain
35. Pentest Tools Free
36. Nsa Hack Tools
37. Hacking Tools Hardware
38. Hacker Hardware Tools
39. Hacker Tools Online
40. Top Pentest Tools
41. Tools For Hacker
42. Pentest Tools Url Fuzzer
43. Hack Tools Mac
44. Hacking Tools Kit
45. Bluetooth Hacking Tools Kali
46. Termux Hacking Tools 2019
47. Pentest Tools Free
48. Hacking Tools For Windows
49. Pentest Tools For Ubuntu
50. Pentest Automation Tools
51. Pentest Tools Review
52. Pentest Tools Website Vulnerability
53. Black Hat Hacker Tools
54. Hacker Tools Github
55. Hacker Tools List
56. Hacker Tools List
57. Pentest Automation Tools
58. Hacking Tools Download
59. Hacker Tools Hardware
60. Pentest Tools Alternative
61. Hackers Toolbox
62. Hacker Tools
63. Hackers Toolbox
64. Pentest Tools Subdomain
65. Hack Tools
66. Pentest Tools Tcp Port Scanner
67. Hack Tools Mac
68. Best Hacking Tools 2019
69. Hacking Tools
70. Nsa Hack Tools
71. Pentest Tools Github
72. Hack Tools Github
73. New Hack Tools
74. Pentest Recon Tools
75. Hacker Tools Github
76. Pentest Tools Review
77. Best Pentesting Tools 2018
78. Hack Tools
79. Tools Used For Hacking
80. Game Hacking
81. Computer Hacker
82. Hack And Tools
83. Usb Pentest Tools
84. Hacking Tools For Windows 7
85. Hack Tools For Windows
86. Pentest Tools
87. Pentest Box Tools Download
88. What Is Hacking Tools
89. Best Hacking Tools 2019
90. Hacking Tools For Pc
91. Hacking Tools For Windows 7
92. Hacker Tools Windows
93. Hack Tools
94. Hack Tools For Ubuntu
95. Hacking Tools
96. Pentest Tools Apk
97. Tools Used For Hacking
98. Hack Tool Apk
99. Pentest Tools Github
100. Hack Tools Online
101. Ethical Hacker Tools
102. Hacking Tools
103. Underground Hacker Sites
104. Game Hacking
105. Hacking Tools Online
106. Hacking Tools For Pc
107. Hack And Tools
108. Nsa Hacker Tools
109. Pentest Tools Apk
110. Pentest Tools Tcp Port Scanner
111. How To Make Hacking Tools
112. Hacking Tools And Software
113. Hacking Tools Download
114. Hacking Tools Hardware
115. New Hack Tools
116. Pentest Tools Website
117. Pentest Tools
118. Pentest Tools Download
119. Top Pentest Tools
120. Hacking Tools Pc
121. Hacker Tools Mac
122. Hack Rom Tools
123. Hacking Tools