DbPillage Release 0.3
Database Pillager Release 0.3
(Couple New features and updates)
Quick announcement on the Database Pillager tool. I have added in new features and updated many things... Below is some info and an example.
Updates/Features:
- Grabs database password hashes from each database type when -# or --hashes is used
- Implemented HIPAA searches for all kinds of data (just searched the web for regexes :) haha if you have more I will be happy to add them)
  * SSN
  * SSN with Dashes
  * SSN with spaces
  * ICD10
  * Carefirst ID
  * Dental Procedure
  * ICD9/ICD9CMType1
  * ICD9/ICD9CMType2
CommandLine Syntax Changed:
With the new functionality also comes new syntax so make sure to check the initial screen output by simply typing:
python dbpillage.py
Simple db query example with grab hashes and HIPAA search options:
root@bt:~/pillage# python dbPillage.py -a 127.0.0.1 -d mysql -u root --pass toor --hashes -s hipaa
Grabbing User/Password hashes for mysql:
Hashes:
('root', '*9CFBBC772F3F6C106020035386DA5BBBF1249A11')
('root', '*9CFBBC772F3F6C106020035386DA5BBBF1249A11')
('root', '*9CFBBC772F3F6C106020035386DA5BBBF1249A11')
Try cracking mysql passwords with johnTheRipper
Would you also like to pillage y/n:y
Select a database to pillage:
1: information_schema
2: PCItest
3: msf3
4: mysql
Choose the database you want by typing the number next to your DB choice
Or rip through every database by typing "cowboy" to rape everything: cowboy
Parsing the the tables out of information_schema database
Searching for hipaa data in----Database:msf3| Table:campaigns
Found hipaa data: SSNDashed: Removed Sensitive data
Searching for hipaa data in----Database:msf3| Table:clients
Searching for hipaa data in----Database:msf3| Table:imported_creds
Searching for hipaa data in----Database:msf3| Table:loots
Searching for hipaa data in----Database:msf3| Table:notes
Found hipaa data: Possible SSN: Removed Sensitive data
Searching for hipaa data in----Database:msf3| Table:project_members
Searching for hipaa data in----Database:msf3| Table:refs
Searching for hipaa data in----Database:mysql| Table:time_zone_transition
Searching for hipaa data in----Database:mysql| Table:time_zone_transition_type
Searching for hipaa data in----Database:mysql| Table:user
Here is some possible HIPAA data for review
['Removed Sensitive Data']
Review the following Database:Tables pairs for HIPAA sensitive data
[['msf3', 'campaigns'], ['msf3', 'notes']]
None
Try Again? y/n:n
Hope this makes the tool more useful. There are many more features being added, but I wanted to at least release the tool to everyone with the HIPAA portion implemented before I get into a bunch of other database-related stuff.... If anyone has any suggestions of stuff they run into on penetration tests regarding database pillaging and enumeration, please send over some ideas :)
Note: there are many HIPAA-related regular expressions, which might cause a number of false positives. If you are having this problem, feel free to just go into the attackpci.py file and remove all but the SSN-related info if that's all you're actually wanting to search for. Also, if you have suggestions of other stuff to search for or want to donate some reg-ex... YAY
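On the false-positive note above: a bare nine-digit pattern matches plenty of values that can never be an SSN. The sketch below is an added example, not code from DbPillage or attackpci.py; the regex, the function names and the sample rows are assumptions made for illustration. It covers the three SSN formats listed above, drops structurally impossible numbers, and masks what it reports.

```python
import re

# Assumed pattern (not taken from DbPillage): nine digits, optionally split
# 3-2-4 by dashes or spaces, with the same separator in both positions and
# no digit directly before or after (so longer numbers are ignored).
SSN_RE = re.compile(r"(?<!\d)(\d{3})([- ]?)(\d{2})\2(\d{4})(?!\d)")
KIND = {"-": "SSN with dashes", " ": "SSN with spaces", "": "SSN"}


def plausible_ssn(area, group, serial):
    """Reject values that can never be an issued SSN (structural rules)."""
    if area in ("000", "666") or area.startswith("9"):
        return False
    return group != "00" and serial != "0000"


def scan_rows(database, table, rows):
    """Scan rows (dicts of column -> value) and return masked findings."""
    findings = []
    for row_no, row in enumerate(rows):
        for column, value in row.items():
            if value is None:
                continue
            for m in SSN_RE.finditer(str(value)):
                area, sep, group, serial = m.groups()
                if not plausible_ssn(area, group, serial):
                    continue  # pattern hit, but not a possible SSN
                findings.append({
                    "database": database, "table": table,
                    "row": row_no, "column": column,
                    "kind": KIND[sep],
                    # Keep only the last four digits in the report.
                    "masked": "***-**-" + serial,
                })
    return findings


# Constructed sample rows for illustration; none of this is real data.
SAMPLE_ROWS = [
    {"id": 1, "note": "patient SSN 123-45-6789 on file"},
    {"id": 2, "note": "alt format 123 45 6789"},
    {"id": 3, "note": "call 555-123-4567, order 1234567890"},
    {"id": 4, "note": "test values 000-12-3456 and 987-65-4321"},
    {"id": 5, "note": None},
]

if __name__ == "__main__":
    for f in scan_rows("exampledb", "notes", SAMPLE_ROWS):
        print(f)
```

Rows 3 and 4 produce no findings: the phone and order numbers do not fit the 3-2-4 shape, and the 000 and 9xx area numbers fail the structural check.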
Updated Download Link: (0.6)
http://consolecowboys.org/pillager/pillage_0.6.zip