The Pillager 0.7 Release

I spent the last couple days recoding the Pillager, getting rid of bugs, optimizing code, making it more extendable and more solid overall. So this post is to release the new code.  However, with that being said, the Pillager is in mass revision right now and I added some more developers to the team to add a whole host of new database attacking features as well as moving past databases and into other areas of post exploitation pillaging. Soon to be released..  As usual this tool and any tool i create is based on my issues when performing penetration tests and solves those problems.. If you have any insight or comments i will certainly take them into consideration for future releases.

For now check out Version 0.7.. Named searches and Data searches via external config files are now functioning properly as well as other bugs fixed along the way... Drop this in a BT5 VM and make sure you have your DB python stuff installed per the help docs and you should be good to go.  If you are looking to use oracle you are going to have to install all the oracle nonsense from oracle or use a BT4r2 vm which has most of the needed drivers minus cxoracle which will need to be installed.

http://consolecowboys.org/pillager/pillage_0.7.zip



Ficti0n$ python pillager.py
 
[---] The Database Pillager (DBPillage) [---]
[---] CcLabs Release [---]
[---] Authors: Ficti0n, [---]
[---] Contributors: Steponequit [---]
[---] Version: 0.7 [---]
[---] Find Me On Twitter: ficti0n [---]
[---] Homepage: http://console-cowboys.blogspot.com [---]

Release Notes:
 --Fixed bugs and optimized code
 --Added Docstrings
 --Fixed Named and Data searches from config files                 

About:
The Database Pillager is a multiplatform database tool for searching and browsing common
database platforms encountered while penetration testing. DBPillage can be used to search
for PCI/HIPAA data automatically or use DBPillage to browse databases,display data.
and search for specified tables/data instances.
DBpillage was designed as a post exploitation pillaging tool with a goal of targeted
extraction of data without the use of database platform specific GUI based tools that
are difficult to use and make my job harder.

Supported Platforms:
        --------------------
-Oracle
-MSSQL
-MYSQL
        -PostGreSQL
     

        Usage Examples:
        ************************************************************************
        
        For Mysql Postgres and MsSQL pillaging:
        ---------------------------------------
        python dbPillage -a [address] -d [dbType] -u [username] -p [password]
        
        
        For Oracle pillaging you need a SID connection string:
        ------------------------------------------------------
        python dbPillage-a [address]/[sid] -d [dbType] -u [username] -p [password]
        

        Grab some hashes and Hipaa specific:(Default is PCI)
        ------------------------------------
        python dbPillage -a [address] -d [dbType] -u [username] -p [password] --hashes -s hipaa


Drop into a SQL CMDShell:
-------------------------
        python dbpillage.py -a [address] -d [dbType] -u [username] -p [password] -q

Config file specified searches:
-------------------------------
Search for data Items from inputFiles/data.txt:
        python dbpillage.py -a [address] -d [dbType] -u [username] -p [password] -D

Search for specific table names from inputFiles/tables.txt:
python dbpillage.py -a [address] -d [dbType] -u [username] -p [password] -N

     
     
        Switch Options:
        ---------------------
        -# --hashes = grab database password hashes
        -l --limit  = limit the amount of rows that are searched or when displaying data (options = any number)
        -s --searchType = Type of data search you want to perform (options:pci, hipaa, all)(PCI default)
        -u --user = Database servers username
        -p --pass = Password for the database server
        -a --address = Ipaddress of the database server
        -d --database = The database type you are pillageing (options: mssql,mysql,oracle,postgres)
        -r --report = report format (HTML, XML, screen(default))
        -N --nameSearch = Search via inputFiles/tables.txt
        -D --dataSearch = Targeted data searches per inputFiles/data.txt
-q --queryShell = Drop into a SQL CMDshell in mysql or mssql
     
     
        Prerequisites:
        -------------
        python v2  (Tested on Python 2.5.2 BT4 R2 and BT5 R3 - Oracle stuff on BT4r2 only unless you install the drivers from oracle)
        cx_oracle (cx-oracle.sourceforge.net)
        psycopg2  (initd.org/psycopg/download/)
        MySQLdb   (should be on BT by default)
        pymssql   (should be on BT by default)
     

More articles

1. Hack Tools
2. Hack Rom Tools
3. Hack Website Online Tool
4. Wifi Hacker Tools For Windows
5. Pentest Tools Android
6. Pentest Tools Find Subdomains
7. Hacking Tools For Games
8. Hack Tools
9. Tools 4 Hack
10. Pentest Tools Free
11. Pentest Tools Windows
12. Hack Tools Download
13. Usb Pentest Tools
14. Hacker Tools Apk Download
15. Pentest Tools Url Fuzzer
16. Pentest Tools Framework
17. Pentest Tools Subdomain
18. Pentest Tools For Android
19. World No 1 Hacker Software
20. World No 1 Hacker Software
21. Hacks And Tools
22. Hack And Tools
23. Computer Hacker
24. Kik Hack Tools
25. Hacking Tools Pc
26. What Is Hacking Tools
27. What Are Hacking Tools
28. Pentest Tools Nmap
29. Easy Hack Tools
30. Hack Rom Tools
31. Android Hack Tools Github
32. Hacker Tools Hardware
33. Hack Tool Apk
34. Hacking Tools And Software
35. Blackhat Hacker Tools
36. Hacking Tools Mac
37. Hacking Tools Hardware
38. Hacking Tools For Games
39. Pentest Tools Android
40. Hacks And Tools
41. Hack Tools For Games
42. Hacker Tools 2020
43. Termux Hacking Tools 2019
44. Pentest Tools Free
45. Hacking Tools For Beginners
46. Usb Pentest Tools
47. Pentest Tools For Ubuntu
48. How To Install Pentest Tools In Ubuntu
49. Pentest Tools Windows
50. Hacking Tools Online
51. Growth Hacker Tools
52. Hacker Search Tools
53. Hackrf Tools
54. Pentest Tools Free
55. Pentest Tools Download
56. Pentest Box Tools Download
57. Pentest Tools List
58. Hacking Tools For Windows
59. Hack Tools For Windows
60. Bluetooth Hacking Tools Kali
61. Hacking Tools Name
62. Pentest Tools Url Fuzzer
63. Nsa Hack Tools Download
64. Tools For Hacker
65. Pentest Tools Github
66. Hacker Search Tools
67. Hacker Tools Linux
68. Top Pentest Tools
69. Hack Tools For Games
70. Hack Tools 2019
71. Hack Apps
72. Pentest Tools Url Fuzzer
73. Pentest Tools Windows
74. Hack Tools For Ubuntu
75. Hack Tools Online
76. How To Hack
77. Hacker Tool Kit
78. Wifi Hacker Tools For Windows
79. Best Pentesting Tools 2018
80. Hacker Tools Hardware
81. Pentest Tools Apk
82. Pentest Reporting Tools
83. Hacker Tools Linux
84. Hacking Tools For Beginners
85. Bluetooth Hacking Tools Kali
86. Hack Apps
87. Hacking Tools 2019
88. Hacking Tools For Pc
89. Pentest Tools Download
90. Pentest Tools Online
91. Hack Tools 2019
92. Hacker Tools List
93. Hack Tools For Games
94. Hacker Tools Software
95. Tools 4 Hack
96. Hack And Tools
97. Pentest Tools Bluekeep
98. Tools Used For Hacking
99. Nsa Hacker Tools
100. Hacking Tools Windows 10
101. Hacker Tools Free Download
102. Hacker Tools 2019
103. Pentest Tools Linux
104. Hackers Toolbox
105. Pentest Tools Github
106. Hacking Tools For Windows Free Download
107. Pentest Tools Website
108. Computer Hacker
109. Tools Used For Hacking
110. Pentest Tools Find Subdomains
111. Hacking Tools For Windows Free Download
112. Hack Tools Download
113. Pentest Tools Kali Linux
114. Hackers Toolbox
115. Hacking Tools Free Download
116. Pentest Tools Port Scanner