Abernathy - Garland Etc. Genealogy

Monday, August 31, 2020

The Pillager 0.7 Release

I spent the last couple days recoding the Pillager, getting rid of bugs, optimizing code, making it more extendable and more solid overall. So this post is to release the new code.  However, with that being said, the Pillager is in mass revision right now and I added some more developers to the team to add a whole host of new database attacking features as well as moving past databases and into other areas of post exploitation pillaging. Soon to be released..  As usual this tool and any tool i create is based on my issues when performing penetration tests and solves those problems.. If you have any insight or comments i will certainly take them into consideration for future releases.

For now check out Version 0.7.. Named searches and Data searches via external config files are now functioning properly as well as other bugs fixed along the way... Drop this in a BT5 VM and make sure you have your DB python stuff installed per the help docs and you should be good to go.  If you are looking to use oracle you are going to have to install all the oracle nonsense from oracle or use a BT4r2 vm which has most of the needed drivers minus cxoracle which will need to be installed.


Ficti0n$ python pillager.py
[---] The Database Pillager (DBPillage) [---]
[---] CcLabs Release [---]
[---] Authors: Ficti0n, [---]
[---] Contributors: Steponequit [---]
[---] Version: 0.7 [---]
[---] Find Me On Twitter: ficti0n [---]
[---] Homepage: http://console-cowboys.blogspot.com [---]

Release Notes:
 --Fixed bugs and optimized code
 --Added Docstrings
 --Fixed Named and Data searches from config files                 

The Database Pillager is a multiplatform database tool for searching and browsing common
database platforms encountered while penetration testing. DBPillage can be used to search
for PCI/HIPAA data automatically or use DBPillage to browse databases,display data.
and search for specified tables/data instances.
DBpillage was designed as a post exploitation pillaging tool with a goal of targeted
extraction of data without the use of database platform specific GUI based tools that
are difficult to use and make my job harder.

Supported Platforms:

        Usage Examples:
        For Mysql Postgres and MsSQL pillaging:
        python dbPillage -a [address] -d [dbType] -u [username] -p [password]
        For Oracle pillaging you need a SID connection string:
        python dbPillage-a [address]/[sid] -d [dbType] -u [username] -p [password]

        Grab some hashes and Hipaa specific:(Default is PCI)
        python dbPillage -a [address] -d [dbType] -u [username] -p [password] --hashes -s hipaa

Drop into a SQL CMDShell:
        python dbpillage.py -a [address] -d [dbType] -u [username] -p [password] -q

Config file specified searches:
Search for data Items from inputFiles/data.txt:
        python dbpillage.py -a [address] -d [dbType] -u [username] -p [password] -D

Search for specific table names from inputFiles/tables.txt:
python dbpillage.py -a [address] -d [dbType] -u [username] -p [password] -N

        Switch Options:
        -# --hashes = grab database password hashes
        -l --limit  = limit the amount of rows that are searched or when displaying data (options = any number)
        -s --searchType = Type of data search you want to perform (options:pci, hipaa, all)(PCI default)
        -u --user = Database servers username
        -p --pass = Password for the database server
        -a --address = Ipaddress of the database server
        -d --database = The database type you are pillageing (options: mssql,mysql,oracle,postgres)
        -r --report = report format (HTML, XML, screen(default))
        -N --nameSearch = Search via inputFiles/tables.txt
        -D --dataSearch = Targeted data searches per inputFiles/data.txt
-q --queryShell = Drop into a SQL CMDshell in mysql or mssql
        python v2  (Tested on Python 2.5.2 BT4 R2 and BT5 R3 - Oracle stuff on BT4r2 only unless you install the drivers from oracle)
        cx_oracle (cx-oracle.sourceforge.net)
        psycopg2  (initd.org/psycopg/download/)
        MySQLdb   (should be on BT by default)
        pymssql   (should be on BT by default)

Continue reading

Sunday, August 30, 2020

WiFi Hacking On Tablets

Disclaimer: Don't hack anything where you don't have the authorization to do so. Stay legal.

Ever since I bought my first Android device, I wanted to use the device for WEP cracking. Not because I need it, but I want it :) After some googling, I read that you can't use your WiFi chipset for packet injection, and I forgot the whole topic.

After a while, I read about hacking on tablets (this was around a year ago), and my first opinion was: 
"This is stupid, lame, and the usage of that can be very limited".

After playing one day with it, my opinion just changed: 
"This is stupid, lame, the usage is limited, but when it works, it is really funny :-)"

At the beginning I looked at the Pwn Pad as a device that can replace a pentest workstation, working at the attacker side. Boy was I wrong. Pwn Pad should be used as a pentest device deployed at the victim's side!

You have the following options:
  1. You have 1095 USD + VAT + shipping to buy this Pwn Pad
  2. You have around 200 USD to buy an old Nexus 7 tablet, a USB OTG cable, a USB WiFi dongle (e.g. TP-Link Wireless TL-WN722N USB adapter works).

In my example, I bought a used, old 2012 Nexus WiFi. Originally I bought this to play with different custom Android ROMs, and play with rooted applications. After a while, I found this Pwn Pad hype again and gave it a shot.

The Pwn Pad community edition has an easy-to-use installer, with a proper installation description. Don't forget to backup everything from your tablet before installing Pwn Pad on it!

I don't want to repeat the install guide, it is as easy as ABC. I booted a Ubuntu Live CD, installed adb and fastboot, and it was ready-to-roll. I have not measured the time, but the whole process was around 20 minutes.

The internal WiFi chipset can be used to sniff traffic or even ARP poisoning for active MiTM. But in my case, I was not able to use the internal chipset for packet injection, which means you can't use it for WEP cracking, WPA disauth, etc. This is where the external USB WiFi comes handy. And this is why we need the Pwn Pad Android ROM, and can't use an average ROM.

There are two things where Pwn Pad really rocks. The first one is the integrated drivers for the external WiFi with monitor mode and packet injection capabilities. The second cool thing is the chroot wrapper around the Linux hacking tools. Every hacking tool has a start icon, so it feels like it is a native Android application, although it is running in a chroot Kali environment.


The first recommended app is Wifite. Think of it as a wrapper around the aircrack - airmon - airodump suite. My biggest problem with WEP cracking was that I had to remember a bunch of commands, or have the WEP cracking manual with me every time I have to crack it. It was overcomplicated. But thanks to Wifite, that is past.

In order to crack a WEP key, you have to:
  1. Start the Wifite app
  2. Choose your adapter (the USB WiFi)

  3. Choose the target network (wep_lan in the next example)
  4. Wait for a minute 
  5. PROFIT!

SSH reverse shell

This is one of the key functionalities of the Pwn Pad. You deploy the tablet at the Victim side, and let the tablet connect to your server via (tunneled) SSH.

The basic concept of the reverse shells are that an SSH tunnel is established between the Pwn Pad tablet (client) and your external SSH server (either directly or encapsulated in other tunneling protocol), and remote port forward is set up, which means on your SSH server you connect to a localport which is forwarded to the Pwn Pad and handled by the Pwn Pad SSH server.

I believe the best option would be to use the reverse shell over 3G, and let the tablet connect to the victim network through Ethernet or WiFi. But your preference might vary. The steps for reverse shells are again well documented in the documentation, except that by default you also have to start the SSH server on the Pwn Pad. It is not hard, there is an app for that ;-) On your external SSH server you might need to install stunnel and ptunnel if you are not using Kali. The following output shows what you can see on your external SSH server after successful reverse shell.

root@myserver:/home/ubuntu# ssh -p 3333 pwnie@localhost
The authenticity of host '[localhost]:3333 ([]:3333)' can't be established.
ECDSA key fingerprint is 14:d4:67:04:90:30:18:a4:7a:f6:82:04:e0:3c:c6:dc.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added '[localhost]:3333' (ECDSA) to the list of known hosts.
pwnie@localhost's password:
  _____      ___  _ ___ ___   _____  _____ ___ ___ ___ ___
 | _ \ \    / / \| |_ _| __| | __\ \/ / _ \ _ \ __/ __/ __|
 |  _/\ \/\/ /| .` || || _|  | _| >  <|  _/   / _|\__ \__ \
 |_|   \_/\_/ |_|\_|___|___| |___/_/\_\_| |_|_\___|___/___/

 Release Version: 1.5.5
 Release Date: 2014-01-30
 Copyright 2014 Pwnie Express. All rights reserved.

 By using this product you agree to the terms of the Rapid Focus
 Security EULA: http://pwnieexpress.com/pdfs/RFSEULA.pdf

 This product contains both open source and proprietary software.
 Proprietary software is distributed under the terms of the EULA.
 Open source software is distributed under the GNU GPL:


Now you have a shell on a machine that is connected to the victim network. Sweet :) Now Metasploit really makes sense on the tablet, and all other command-line tools.

EvilAP and DSniff

Start EvilAP (it is again a wrapper around airobase), choose interface (for me the Internal Nexus Wifi worked), enter an SSID (e.g freewifi), enter channel, choose whether force all clients to connect to you or just those who really want to connect to you, and start.

The next step is to start DSniff, choose interface at0, and wait :) In this example, I used a popular Hungarian webmail, which has a checkbox option for "secure" login (with default off). There are sooo many problems with this approach, e.g. you can't check the certificate before connecting, and the login page is delivered over HTTP, so one can disable the secure login checkbox seamlessly in the background, etc. In this case, I left the "secure" option on default off.

In the next tutorial, I'm going to show my next favorite app, DSploit ;)

Lessons learned

Hacking has been never so easy before
In a home environment, only use WPA2 PSK
Choose a long, nondictionary passphrase as the password for WPA2
Don't share your WiFi passwords with people you don't trust, or change it when they don't need it anymore
Don't let your client device auto-connect to WiFi stations, even if the SSID looks familiar

I believe during an engagement a Pwn Plug has better "physical cloaking" possibilities, but playing with the Pwn Pad Community Edition really gave me fun moments.

And last but not least I would like to thank to the Pwn Pad developers for releasing the Community Edition!

Related word
  1. Hacker Techniques Tools And Incident Handling
  2. Hack Tools Download
  3. Hack Tool Apk
  4. Hacker Tools Apk
  5. Tools Used For Hacking
  6. Hacker Tools Software
  7. Pentest Tools For Mac
  8. What Are Hacking Tools
  9. How To Install Pentest Tools In Ubuntu
  10. Usb Pentest Tools
  11. Hacker Search Tools
  12. Pentest Tools Download
  13. Hacker Tools 2019
  14. Best Hacking Tools 2019
  15. Hacking Tools Pc
  16. Hacker
  17. Pentest Recon Tools
  18. Tools For Hacker
  19. Pentest Tools Download
  20. How To Install Pentest Tools In Ubuntu
  21. Hackers Toolbox
  22. Hacker Tools 2019
  23. Growth Hacker Tools
  24. Computer Hacker
  25. Hacker Tools Linux
  26. Hack Tool Apk No Root
  27. Hacking Tools Name
  28. Free Pentest Tools For Windows
  29. Pentest Tools Tcp Port Scanner
  30. Hacking Apps
  31. Pentest Reporting Tools
  32. What Are Hacking Tools
  33. Pentest Tools Subdomain
  34. Pentest Tools Alternative
  35. Tools 4 Hack
  36. Hacker Tools Apk
  37. Hack Tools For Windows
  38. Hacker Tools For Mac
  39. Hacking Apps
  40. Hacker Security Tools
  41. Usb Pentest Tools
  42. Hacking Tools Free Download
  43. Hack Tools For Games
  44. Blackhat Hacker Tools
  45. Pentest Tools Review
  46. Underground Hacker Sites
  47. Hacking Tools And Software
  48. Pentest Tools Url Fuzzer
  49. How To Install Pentest Tools In Ubuntu
  50. Hacking Tools Online
  51. Hack App
  52. Hack And Tools
  53. Growth Hacker Tools
  54. Hacker Search Tools
  55. Hacking Tools Windows 10
  56. Hacking Tools Online
  57. Hacker Tools Software
  58. Hack Rom Tools
  59. Hack Tools For Games
  60. Hack Website Online Tool
  61. Computer Hacker
  62. Hak5 Tools
  63. Hacker Hardware Tools
  64. Pentest Tools For Mac
  65. Pentest Tools Github
  66. Hack And Tools
  67. Hacker Tools List
  68. Bluetooth Hacking Tools Kali
  69. Hacking Tools 2020
  70. Hack Website Online Tool
  71. Hack Tools Mac
  72. Tools Used For Hacking
  73. Hacking Tools For Beginners
  74. Hack Tools For Pc
  75. Blackhat Hacker Tools
  76. Pentest Tools Port Scanner
  77. Hacking Tools Software
  78. Hacker Tools Apk Download
  79. Tools For Hacker
  80. Best Hacking Tools 2019
  81. Pentest Tools Review
  82. Hack Tools For Windows
  83. Hacker
  84. Free Pentest Tools For Windows
  85. Hacking Tools Hardware
  86. Hacker Tools Windows
  87. How To Make Hacking Tools
  88. Hacker Tools Windows
  89. Hacking Tools 2020
  90. Hackers Toolbox
  91. Hack Tools For Windows
  92. Pentest Tools For Mac
  93. Hacker Tools For Pc
  94. Hack And Tools
  95. Hacking Tools And Software
  96. Hack Rom Tools
  97. Pentest Box Tools Download
  98. Hack Tools For Ubuntu
  99. Hacking Tools 2019
  100. Pentest Reporting Tools
  101. Hack Tools
  102. Hack Rom Tools
  103. Hacker Tools 2020
  104. Hack Tools Mac
  105. Pentest Tools List
  106. How To Install Pentest Tools In Ubuntu
  107. Nsa Hack Tools
  108. How To Hack
  109. Hacks And Tools
  110. Best Pentesting Tools 2018
  111. Hack Apps
  112. Hak5 Tools
  113. Hacker Security Tools
  114. Android Hack Tools Github
  115. Pentest Tools For Android
  116. Pentest Tools List
  117. Hacking Tools Github
  118. Kik Hack Tools
  119. Pentest Tools List
  120. Hacking Tools Github
  121. New Hacker Tools
  122. What Is Hacking Tools
  123. Pentest Tools For Android
  124. Hacking Tools For Windows
  125. Pentest Tools
  126. Best Hacking Tools 2020
  127. Install Pentest Tools Ubuntu
  128. Pentest Box Tools Download
  129. Hacking Tools Pc
  130. Pentest Tools Alternative
  131. Github Hacking Tools
  132. Pentest Tools Website Vulnerability
  133. Hacker Tools Windows
  134. Github Hacking Tools
  135. Hacking Tools Download
  136. Hacking Tools Hardware
  137. Hacking Tools For Mac
  138. Hacking Tools 2020
  139. Hack Tool Apk No Root
  140. Hacking Tools Mac
  141. Nsa Hack Tools Download
  142. Hacker Techniques Tools And Incident Handling
  143. Hacker Hardware Tools
  144. Hacking Tools Hardware


"Exploit-Me is a suite of Firefox web application security testing tools designed to be lightweight and easy to use. The Exploit-Me series was originally introduced at the SecTor conference in Toronto. The slides for the presentation are available for download. Along with this SecTor is making the audio of the talk available." read more...

Website: http://securitycompass.com/exploitme.shtml

Related word

  1. Hacking Tools And Software
  2. Android Hack Tools Github
  3. Ethical Hacker Tools
  4. Hacking Tools 2020
  5. Pentest Automation Tools
  6. Hacker Tools Apk
  7. Best Hacking Tools 2020
  8. Hacker Tools Online
  9. What Are Hacking Tools
  10. Pentest Tools Android
  11. Tools For Hacker
  12. Hacking Tools Mac
  13. Hacker Tools Hardware
  14. Pentest Tools Linux
  15. Pentest Tools Android
  16. Hacker Tools Software
  17. Hacker Tools For Pc
  18. Hacker Tool Kit
  19. Hacking Apps
  20. Tools Used For Hacking
  21. Hacking App
  22. Hacker Security Tools
  23. Hacking Tools Name
  24. Pentest Tools Github
  25. Hacking Tools Kit
  26. Hack Apps
  27. Hacking Tools For Windows
  28. Pentest Tools Android
  29. Hacker Hardware Tools
  30. Hacking Tools
  31. Hack Website Online Tool
  32. Pentest Tools Windows
  33. Bluetooth Hacking Tools Kali
  34. Hack Tools For Pc
  35. Pentest Tools Review
  36. Hacking Tools For Windows 7
  37. Hacker Tools Software
  38. Hack Tools Online
  39. Hack Tools 2019
  40. Hacking Tools Pc
  41. Pentest Tools Open Source
  42. Hacking Tools Windows
  43. Pentest Tools Url Fuzzer
  44. Hacking Tools For Kali Linux
  45. Pentest Automation Tools
  46. Black Hat Hacker Tools
  47. Game Hacking
  48. Hacking Tools 2020
  49. Game Hacking
  50. Pentest Tools Port Scanner
  51. Hacker Tools Windows
  52. Best Hacking Tools 2020
  53. Hack Apps
  54. Hack Apps
  55. Hacker Tool Kit
  56. How To Make Hacking Tools
  57. Hack Tools 2019
  58. Hack Tools Mac
  59. Hacker Tools Windows
  60. Hacking Tools Free Download
  61. Easy Hack Tools
  62. Ethical Hacker Tools
  63. Pentest Tools For Ubuntu
  64. Hackrf Tools
  65. Pentest Tools Linux
  66. Hacking Tools Mac
  67. Pentest Tools Nmap
  68. Best Hacking Tools 2020
  69. World No 1 Hacker Software
  70. Pentest Tools For Mac
  71. Hacker Tools For Windows
  72. Hacker Tools Mac
  73. Hacker Tools For Pc
  74. Hacker Tools Apk
  75. Pentest Tools Website Vulnerability
  76. Physical Pentest Tools
  77. Hack Tools 2019
  78. Hacking Tools For Windows
  79. Hacking Apps
  80. Pentest Reporting Tools
  81. Hackers Toolbox
  82. Hack Tools For Pc
  83. How To Hack
  84. Hacker Tools For Mac
  85. Hacking Tools For Beginners
  86. Hacking Tools For Pc
  87. Pentest Recon Tools
  88. Hacking Tools For Windows Free Download
  89. Ethical Hacker Tools
  90. Pentest Tools Windows
  91. Hack Rom Tools
  92. Pentest Tools Url Fuzzer
  93. Pentest Tools Alternative
  94. Hacking Tools Windows
  95. Hacker Hardware Tools
  96. Pentest Box Tools Download
  97. Hacker Tools Linux
  98. Hack Tools Download
  99. Hacking Tools Software
  100. Underground Hacker Sites
  101. Wifi Hacker Tools For Windows
  102. Pentest Automation Tools
  103. Hacking Tools And Software
  104. Hack App
  105. Hacker Tools Github
  106. Pentest Tools Find Subdomains
  107. Beginner Hacker Tools
  108. Hack Apps
  109. Hacking App
  110. Hacker Tool Kit
  111. Hacking Tools For Mac
  112. Tools 4 Hack
  113. World No 1 Hacker Software
  114. Hacking Tools
  115. Pentest Reporting Tools
  116. Hack Rom Tools
  117. Pentest Reporting Tools
  118. Pentest Tools Apk
  119. Pentest Automation Tools
  120. Game Hacking
  121. Hacking Tools For Games
  122. Hacking Tools Software
  123. Physical Pentest Tools
  124. Hack Website Online Tool
  125. What Are Hacking Tools
  126. Hack Tool Apk
  127. Hackrf Tools
  128. Hacker Hardware Tools
  129. Hacker
  130. Hacker Tools Linux
  131. Pentest Tools
  132. Pentest Tools Kali Linux
  133. Hacking Tools Usb
  134. Pentest Tools Framework
  135. Hacking Tools Download
  136. Hacker Tools Linux
  137. Pentest Tools Apk
  138. Free Pentest Tools For Windows
  139. Pentest Tools Find Subdomains
  140. Best Pentesting Tools 2018
  141. Hacker Tools Hardware
  142. Hacking Tools 2020
  143. Pentest Tools Kali Linux
  144. Hacking Tools Hardware
  145. New Hack Tools
  146. Android Hack Tools Github
  147. Pentest Tools Github
  148. Hacking Tools Online
  149. Computer Hacker
  150. Hack Rom Tools
  151. Hacking Tools Windows 10
  152. Nsa Hacker Tools
  153. Pentest Tools For Android
  154. Hak5 Tools
  155. Hacker Tools 2019
  156. Hacker Tools For Windows
  157. Hacker Tools 2019
  158. Hacker Tools For Mac