Wednesday, April 6, 2011

DbPillage Release 0.3

Database Pillager Release 0.3
(A couple of new features and updates)

Quick announcement on the Database Pillager tool. I have added new features and updated many things. Below is some info and an example.

Updated Download Link: (0.6)
http://consolecowboys.org/pillager/pillage_0.6.zip


Updates/Features:
-Grabs database password hashes from each database type when -# or --hashes is used

-Implemented HIPAA searches for all kinds of data (I just searched the web for regexes :) haha, if you have more I will be happy to add them):

    * SSN
    * SSN with dashes
    * SSN with spaces
    * ICD10
    * Carefirst ID
    * Dental procedure
    * ICD9/ICD9CMType1
    * ICD9/ICD9CMType2

Command-Line Syntax Changed:

With the new functionality also comes new syntax, so make sure to check the initial screen output by simply typing:
python dbpillage.py


Simple db query example with grab hashes and HIPAA search options:


root@bt:~/pillage# python dbPillage.py -a 127.0.0.1 -d mysql -u root --pass toor --hashes -s hipaa

 Grabbing User/Password hashes for mysql:
Hashes:
('root', '*9CFBBC772F3F6C106020035386DA5BBBF1249A11')
('root', '*9CFBBC772F3F6C106020035386DA5BBBF1249A11')
('root', '*9CFBBC772F3F6C106020035386DA5BBBF1249A11')


Try cracking mysql passwords with johnTheRipper

Would you also like to pillage y/n:y

Select a database to pillage:

1: information_schema
2: PCItest
3: msf3
4: mysql

Choose the database you want by typing the number next to your DB choice
Or rip through every database by typing "cowboy" to rape everything: cowboy

Parsing the the tables out of information_schema database

Searching for hipaa data in----Database:msf3| Table:campaigns
Found hipaa data: SSNDashed: Removed Sensitive data
Searching for hipaa data in----Database:msf3| Table:clients
Searching for hipaa data in----Database:msf3| Table:imported_creds
Searching for hipaa data in----Database:msf3| Table:loots
Searching for hipaa data in----Database:msf3| Table:notes
Found hipaa data: Possible SSN: Removed Sensitive data
 Searching for hipaa data in----Database:msf3| Table:project_members
 Searching for hipaa data in----Database:msf3| Table:refs
 Searching for hipaa data in----Database:mysql| Table:time_zone_transition
 Searching for hipaa data in----Database:mysql| Table:time_zone_transition_type
 Searching for hipaa data in----Database:mysql| Table:user

 Here is some possible HIPAA data for review
['Removed Sensitive Data']

Review the following Database:Tables pairs for HIPAA sensitive data
[['msf3', 'campaigns'], ['msf3', 'notes']]

None
Try Again? y/n:n


Hope this makes the tool more useful. There are many more features being added, but I wanted to at least release the tool to everyone with the HIPAA portion implemented before I get into a bunch of other database-related stuff. If anyone has any suggestions based on stuff they run into on penetration tests regarding database pillaging and enumeration, please send over some ideas :)


Note: there are many HIPAA-related regular expressions, which might cause a number of false positives. If you are having this problem, feel free to just go into the attackpci.py file and remove all but the SSN-related info if that's all you're actually wanting to search for. Also, if you have suggestions of other stuff to search for or want to donate some regexes... YAY
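
An added example (not code from DbPillage or its attackpci.py) of one way to cut SSN false positives when scanning table contents: after a regex matches, apply the SSA's structural rules (area 000, 666 and 900-999, group 00 and serial 0000 are never issued) and mask the value in the report. The pattern names, function names and sample rows are constructed for illustration.

```python
import re

# Constructed patterns for illustration; not the regexes shipped in attackpci.py.
# The lookarounds stop a match from starting or ending inside a longer digit run.
SSN_PATTERNS = {
    "SSNDashed": re.compile(r"(?<!\d)(\d{3})-(\d{2})-(\d{4})(?!\d)"),
    "SSNSpaced": re.compile(r"(?<!\d)(\d{3}) (\d{2}) (\d{4})(?!\d)"),
    "Possible SSN": re.compile(r"(?<!\d)(\d{3})(\d{2})(\d{4})(?!\d)"),
}


def plausible_ssn(area, group, serial):
    """Apply SSA structural rules: these ranges are never issued."""
    if area in ("000", "666") or area >= "900":
        return False
    return group != "00" and serial != "0000"


def scan_cell(value):
    """Return (label, masked_value) for each plausible SSN in one cell."""
    hits = []
    for label, pattern in SSN_PATTERNS.items():
        for m in pattern.finditer(str(value)):
            if plausible_ssn(*m.groups()):
                # Report only the last four digits, never the full value.
                hits.append((label, "***-**-" + m.group(3)))
    return hits


def tables_to_review(rows):
    """rows: iterable of (database, table, cell). Returns sorted unique pairs."""
    return sorted({(db, tbl) for db, tbl, cell in rows if scan_cell(cell)})


# Constructed sample rows; the values are made up, not real data.
SAMPLE_ROWS = [
    ("msf3", "campaigns", "contact 123-45-6789 on file"),
    ("msf3", "notes", "id 219099999"),
    ("msf3", "refs", "ref 000-12-3456"),      # area 000: rejected
    ("mysql", "user", "ts 1302048000123"),     # 13-digit run: no match
    ("msf3", "loots", "phone 987 65 4321"),    # area 9xx: rejected
]

if __name__ == "__main__":
    for db, tbl, cell in SAMPLE_ROWS:
        print(db, tbl, scan_cell(cell))
    print(tables_to_review(SAMPLE_ROWS))
```

The structural check removes matches that can never be real SSNs, but bare nine-digit values that pass it still need manual review.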
