Saturday, September 3, 2011

DataBase Pillager 0.5 Release (Video) Targeted data searches

Updated Link + Features 9/27/2011 after this initial post (New Query-Cmd Line "-q" to drop you into a sql shell and data formatting on display)  
Example: python dbpillage.py -a 127.0.0.1 -d mysql -u root -p toor -q
Release 0.6: LINK:Download Pillager 0.6

Been busy as hell lately but I am working on a lot of stuff regarding SQL and Web Hacking stuff I will release soon, but right now I am releasing the newest version of the database pillager. There are numerous new features, optimizations and future development started and some really cool stuff. Currently the newest features include:

New Features:
Database/Table Name targeted searches (done)
Targeted Data searches within columns (done)
Reporting Options (Partially done)
GUI (In development)
Universal SQL CMD shell (Done mysql,mssql)
Also fixing a few more bugs related to mssql and unicode

Video Contents:
The below video will show how to make the most of the tool and show the newest targeted data searches as well as some program structure so you can make some simple modifications.


Untitled from ficti0n on Vimeo.



Commands used:

Simple Pillage:
python dbpillage.py -a 127.0.0.1 -d mysql -u root -p toor

Grab Hashes:
python dbpillage.py -a 127.0.0.1 -d mysql -u root -p toor --hashes

Database/Table Search based on a list:
python dbpillage.py -a 127.0.0.1 -d mysql -u root -p toor -n

Targeted Data Search bases on keyword list:
python dbpillage.py -a 127.0.0.1 -d mysql -u root -p toor  -D

Hipaa Search Specifically:
python dbpillage.py -a 127.0.0.1 -d mysql -u root -p toor -s hipaa

Limiting data:
python dbpillage.py -a 127.0.0.1 -d mysql -u root -p toor  -s hipaa -l 1

Location of Lists:
inputFiles directory

2 comments:

  1. Hi,
    U hv done a great job, but please could u explain,the steps to use in installing this pillager tool on backtrack becoz ,hv tried to install it on Backtrack5R1 but is not working.Thanks

    ReplyDelete
  2. Hey I just updated the download link for you... That one has some new features and also a install.sh file you can run in BT5.... That will get everything up and running other then Oracle functionality... I have commented out the oracle based stuff so you wont get errors in BT5 which removed oracle by defualt... I personally use bt4r2 since oracle is installed by default and only needs cx_oracle installed
    If you want oracle to work you are going to have to download and install all of the oracle based packages from oracle and then install cx_oracle python package then uncomment the code for oracle in the connections.py file..

    Enjoy
    Ficti0n

    ReplyDelete

Note: Only a member of this blog may post a comment.

Real World Social Engineering Part 2: Integrating SE With Stealth Badge Readers Tips and Tricks

 Below is a video on using stealth readers with social engineering to gain access to physical targets on your penetration tests..   This is ...