Petr Pospíšil SleepyLctl
@SleepyLctl
SleepyLctl / smtp_flags.txt
Last active July 25, 2018 08:53
SMTP Flags SPF, DKIM, DMARC
################################################ Automatic Checks
$ https://mxtoolbox.com/SuperTool.aspx
################################################ SPF Dig Lookup
$ dig domain.com txt
################################################ DMARC Dig Lookup
$ dig _dmarc.example.org txt
################################################ DKIM Dig Lookup - selector must be known - found in email header - DKIM-Signature (s= tag; d= gives the signing domain)
$ dig selector._domainkey.domain.com txt
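Added example, not part of the gist: once the dig lookups above have returned the TXT records, the strings still have to be read and judged. The script below builds the DKIM query name from a DKIM-Signature header, splits an SPF record into its terms, parses a DMARC record into tags, and flags the settings a reviewer would call weak (a non-failing all term, too many DNS-querying terms, p=none, partial pct, no rua). All input strings, domains and selectors are constructed samples, not real lookups; replace them with what dig gives you.

```python
# Added example, not part of the gist: parse the records the dig lookups
# above return and flag the weak settings a reviewer looks for. All input
# strings below are constructed samples (assumed, not real lookups).
import re

SPF_TXT = "v=spf1 ip4:203.0.113.0/24 include:_spf.example.net ~all"
DMARC_TXT = "v=DMARC1; p=none; rua=mailto:dmarc@example.org; pct=100"
DKIM_HEADER = ("DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; "
               "d=example.org; s=sel2018; h=from:to:subject; "
               "bh=abc=; b=def=")

# Mechanisms and modifiers that cost a DNS lookup; RFC 7208 allows at most 10.
SPF_LOOKUP_TERMS = {"include", "a", "mx", "ptr", "exists", "redirect"}


def dkim_query_name(header):
    """Build the DNS name to dig for the DKIM key from a DKIM-Signature header.

    The selector (s=) and signing domain (d=) are taken from the header;
    the public key lives in the TXT record at <selector>._domainkey.<domain>.
    """
    value = header.split(":", 1)[1]
    tags = {k: v.strip() for k, v in re.findall(r"(\w+)=([^;]*)", value)}
    return "%s._domainkey.%s" % (tags["s"], tags["d"])


def parse_spf(txt):
    """Split an SPF record into its terms; returns (terms, qualifier of 'all' or None)."""
    terms = txt.split()
    if not terms or terms[0].lower() != "v=spf1":
        raise ValueError("not an SPF record: %r" % txt)
    all_qualifier = None
    for term in terms[1:]:
        qualifier, name = (term[0], term[1:]) if term[0] in "+-~?" else ("+", term)
        if name.lower() == "all":
            all_qualifier = qualifier
    return terms[1:], all_qualifier


def spf_findings(txt):
    """Return human-readable weaknesses in an SPF record (empty list = looks fine)."""
    terms, all_qualifier = parse_spf(txt)
    findings = []
    if all_qualifier is None:
        findings.append("no 'all' term: senders not listed get a Neutral result")
    elif all_qualifier in "+?":
        findings.append("'%sall' lets any host send for the domain" % all_qualifier)
    elif all_qualifier == "~":
        findings.append("'~all' is softfail: spoofed mail is marked, not rejected")
    # Count terms that trigger a DNS query (strip qualifier, then cut at ':', '=' or '/').
    lookups = sum(1 for t in terms
                  if re.split(r"[:=/]", t.lstrip("+-~?"))[0].lower() in SPF_LOOKUP_TERMS)
    if lookups > 10:
        findings.append("%d DNS-querying terms exceed the limit of 10 (permerror)" % lookups)
    return findings


def parse_dmarc(txt):
    """Turn 'v=DMARC1; p=none; ...' into a dict of tags."""
    tags = {}
    for part in txt.split(";"):
        if "=" in part:
            key, value = part.split("=", 1)
            tags[key.strip()] = value.strip()
    if tags.get("v") != "DMARC1":
        raise ValueError("not a DMARC record: %r" % txt)
    return tags


def dmarc_findings(txt):
    """Return weaknesses in a DMARC record (empty list = enforcing policy with reporting)."""
    tags = parse_dmarc(txt)
    findings = []
    policy = tags.get("p")
    if policy is None:
        findings.append("p tag missing: receivers treat the record as invalid")
    elif policy == "none":
        findings.append("p=none: spoofed mail is only reported, never quarantined or rejected")
    if int(tags.get("pct", "100")) < 100:
        findings.append("pct=%s: policy applies to only part of the mail" % tags["pct"])
    if "rua" not in tags:
        findings.append("no rua tag: no aggregate reports, so you cannot see who spoofs you")
    if policy != "none" and tags.get("sp", policy) == "none":
        findings.append("sp=none: subdomains are left unprotected")
    return findings


if __name__ == "__main__":
    print("DKIM record to dig:", dkim_query_name(DKIM_HEADER))
    for name, txt, check in (("SPF", SPF_TXT, spf_findings), ("DMARC", DMARC_TXT, dmarc_findings)):
        print(name, txt)
        for finding in check(txt):
            print("  -", finding)
```

The DKIM header is the only input that comes from a received mail rather than DNS; the s= and d= tags it carries are what turns the generic "selector must be known" note into a concrete dig target. The SPF lookup counter is deliberately conservative: it counts redirect= and the a/mx forms with a prefix length, which are the terms people forget when an include chain pushes a record over the limit of 10.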
SleepyLctl / Email Infrastructure
Created July 31, 2018 13:02
Email Architecture Overview
MUA – Mail User Agent e.g. Outlook, Mozilla Thunderbird; Downloads emails from MDA via POP3/IMAP; Sends emails via tcp:587;
MTA – Mail Transfer Agent e.g. Kaspersky Secure Mail Gateway - SMTP server - listens on tcp:25 and communicates with other MTAs; placed in the DMZ;
MDA – Mail Delivery Agent e.g. MS Exchange, IceWarp - POP3/IMAP server (local delivery server) - communicates with MTA via tcp:25; stores/forwards emails;
Email NetFlow
################
MUA -> MDA(tcp:587) -> MTA(tcp:25) -> INTERNET -> MTA(tcp:25) -> MDA(tcp:25) -> MUA(tcp:110/143)
SleepyLctl / subdomains.sh
Created September 19, 2018 08:59
DNS Subdomain Enumeration
#!/bin/bash
# Usage: ./subdomains.sh DOMAIN WORDLIST - prints every <word>.<DOMAIN> from the wordlist that has an A record
# Caveat: a wildcard DNS entry makes every name resolve; test a random label first.
[ $# -eq 2 ] || { echo "Usage: $0 DOMAIN WORDLIST" >&2; exit 1; }
while read -r subdomain; do
    [ -n "$subdomain" ] && host "$subdomain.$1" | grep "has address"
done < "$2"
https://portswigger.net/blog/xss-without-html-client-side-template-injection-with-angularjs
List of Sandbox bypasses
1.0.1 - 1.1.5
Mario Heiderich (Cure53)
{{constructor.constructor('alert(1)')()}}
1.2.0 - 1.2.1
SleepyLctl / smb_ver.sh
Created November 14, 2019 11:20
Script for getting the SMB version through tcpdump - not my work
#!/bin/bash
# Usage: ./smbver.sh RHOST {RPORT} {IFACE} - sniffs the "Unix Samba x.y.z" string the target sends while smbclient lists its shares
[ -n "$1" ] || { echo "Usage: ./smbver.sh RHOST {RPORT} {IFACE}" >&2; exit 1; }
rhost="$1"; rport="${2:-139}"; iface="${3:-tap0}"   # tap0 is the lab VPN interface the original hardcodes
# The version string is UTF-16 in the negotiate response, so -A prints it as "U.n.i.x...S.a.m.b.a..."; tr -d '.' collapses it (and strips the dots in the version number too)
tcpdump -s0 -n -i "$iface" src "$rhost" and port "$rport" -A -c 7 2>/dev/null | grep -i "samba\|s.a.m" | tr -d '.' | grep -oP 'UnixSamba.*[0-9a-z]' | tr -d '\n' &
echo -n "$rhost: "
sleep 0.5   # let tcpdump attach before generating traffic
echo "exit" | smbclient -L "$rhost" >/dev/null 2>&1
sleep 0.5 && echo ""