Output crt.sh results as JSON
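# Query crt.sh's Certificate Transparency index for certificates issued to the
# domain ($1, default inlanefreight.com) and pretty-print the JSON response.
# The URL is quoted, so ?, = and & need no backslash escaping (the original's
# doubled backslashes and the <...> autolink brackets broke the command: the
# brackets are read as redirections). -f makes curl fail on an HTTP error
# instead of handing an HTML error page to jq.
domain=${1:-inlanefreight.com}
curl -sf "https://crt.sh/?q=${domain}&output=json" | jq .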
Filter for unique subdomains
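# List the unique host names recorded in crt.sh certificates for the domain
# ($1, default inlanefreight.com).
# jq -r prints the newline-separated name_value field as real lines, which
# replaces the grep/cut/awk chain that scraped the pretty-printed JSON (its
# `grep -v "CN="` only served to drop issuer_name lines, and its \n handling
# had become garbled). Names are printed as stored, wildcards included.
domain=${1:-inlanefreight.com}
curl -sf "https://crt.sh/?q=${domain}&output=json" \
  | jq -r '.[].name_value' \
  | sort -u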
Identify internet-accessible hosts
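# Resolve each name in the list file ($2, default ./subdomainlist) and print
# "<name> <IPv4>" for those whose A-record answer mentions the target domain
# ($1, default inlanefreight.com).
# A read loop replaces `for i in $(cat ...)`, which word-splits and globs every
# line; a single awk does the work of grep | grep | cut (fields 1 and 4 of a
# "name has address addr" line).
domain=${1:-inlanefreight.com}
list=${2:-subdomainlist}
while IFS= read -r name || [[ -n "$name" ]]; do
  [[ -n "$name" ]] || continue
  host "$name" | awk -v d="$domain" '/has address/ && index($0, d) { print $1, $4 }'
done < "$list"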
rpcclient: brute-force RIDs via queryuser
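# Walk RIDs 500-1100 on the target ($1, default 10.129.14.128) over an
# unauthenticated session (-N with an empty -U) and print the user name, RID
# and primary-group RID of every account that answers. Hosts that refuse
# null sessions produce no output here.
# printf '%x' without a trailing newline: the escaped \n in the original
# appended a literal "\n" to the hex RID and broke the queryuser argument
# (command substitution strips a real trailing newline anyway).
target=${1:-10.129.14.128}
for ((rid = 500; rid <= 1100; rid++)); do
  rpcclient -N -U "" "$target" -c "queryuser 0x$(printf '%x' "$rid")" \
    | grep -E 'User Name|user_rid|group_rid' && echo
done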
Brute-force BIND9 (subdomain enumeration with dig)
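# Try every word in the list ($1, default SecLists' top-1M subdomains file) as
# a label under inlanefreight.htb against the name server at 10.129.14.128,
# keep only answer lines that contain the tried name, and append them to
# ./subdomains.txt while echoing them to the terminal.
# A read loop replaces `for sub in $(cat ...)`. The filter patterns drop the
# doubled backslashes of the original: ';\\|SOA' and '^\\s*$' matched a
# literal backslash, so neither comment/SOA lines nor blank lines were
# actually removed.
wordlist=${1:-/opt/useful/SecLists/Discovery/DNS/subdomains-top1million-110000.txt}
domain=inlanefreight.htb
nameserver=10.129.14.128
while IFS= read -r sub || [[ -n "$sub" ]]; do
  [[ -n "$sub" ]] || continue
  dig "${sub}.${domain}" "@${nameserver}" \
    | grep -Ev ';|SOA' \
    | grep -v '^[[:space:]]*$' \
    | grep -F -- "$sub" \
    | tee -a subdomains.txt
done < "$wordlist"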
Oracle Tools Setup Script
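#!/bin/bash
# Install ODAT (Oracle Database Attacking Tool) together with the Oracle
# Instant Client libraries it needs. Run from the directory where the odat/
# clone should live; the Instant Client archives are unpacked inside it.
# The angle brackets around the URLs in the original were markdown autolink
# markup, which the shell would have read as redirections.
set -euo pipefail

sudo apt-get install libaio1 python3-dev alien -y

# Unpinned clone of third-party code that will run with your privileges:
# consider checking out a reviewed tag or commit before using it.
git clone https://github.com/quentinhardy/odat.git
cd odat/
git submodule init
git submodule update

# The archives are fetched without integrity checks; compare each download
# against the checksum on Oracle's download page (if one is published) before
# unzipping.
ic_base='https://download.oracle.com/otn_software/linux/instantclient/2112000'
for archive in instantclient-basic-linux.x64-21.12.0.0.0dbru.zip \
               instantclient-sqlplus-linux.x64-21.12.0.0.0dbru.zip; do
  wget "${ic_base}/${archive}"
  unzip "$archive"
done

# Absolute paths: the original's relative `instantclient_21_12` entry only
# resolves while the current directory is odat/, and it prepended the whole
# LD_LIBRARY_PATH to PATH instead of just the client directory.
export LD_LIBRARY_PATH="${PWD}/instantclient_21_12:${LD_LIBRARY_PATH:-}"
export PATH="${PWD}/instantclient_21_12:${PATH}"

pip3 install cx_Oracle
sudo apt-get install python3-scapy -y
# pycrypto is unmaintained; pycryptodome, which the run step below installs,
# is its drop-in successor.
sudo pip3 install colorlog termcolor pycrypto passlib python-libnmap
sudo pip3 install argcomplete && sudo activate-global-python-argcomplete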
Then install the remaining dependencies and run:
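# Run ODAT from inside the odat/ clone created by the setup script above.
# The two extra packages are installed in one pip invocation; pycryptodome
# supersedes the pycrypto that the setup script pulls in.
pip3 install pycryptodome python-libnmap
./odat.py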
SQL*Plus
# Find the distro package that provides SQL*Plus; the package name varies
# between distributions, so search rather than guess it.
apt-cache search -- sqlplus
(Install the package it finds)
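# Register the Oracle client library directory with the dynamic linker and
# rebuild the linker cache. tee under sudo writes the root-owned file without
# wrapping the command in a `sh -c` string, and && stops ldconfig from running
# if the write failed (the original ran it unconditionally).
# NOTE: the 12.2 path does not match the 21.12 archives the setup script
# unpacks into ./instantclient_21_12 — point this at whichever client is
# actually installed.
printf '%s\n' /usr/lib/oracle/12.2/client64/lib \
  | sudo tee /etc/ld.so.conf.d/oracle-instantclient.conf >/dev/null \
  && sudo ldconfig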
ssh-audit
<https://github.com/jtesta/ssh-audit>
rsync on port 873