> For the complete documentation index, see [llms.txt](https://cas-cyber.gitbook.io/cas-cybersecurity/llms.txt). Markdown versions of documentation pages are available by appending `.md` to page URLs; this page is available as [Markdown](https://cas-cyber.gitbook.io/cas-cybersecurity/windows-hacking/throwback-network/entering-the-breach.md).

# Entering the breach

![Network Diagram ](/files/pMTaUFOm2V93p71M5cM8)

### Entering the breach

Your attack team has run initial reconnaissance on the target: Throwback Hacks Security. They find that there are 3 machines that are publicly facing: **THROWBACK-PROD**, **THROWBACK-FW01**, and **THROWBACK-MAIL**. Your team has informed you that these assets are publicly accessible, it is your job to perform additional reconnaissance on these machines and find the way in. To accomplish this, we'll be learning to use the tool [nmap](/cas-cybersecurity/scanning-and-enumeration.md#scanning-with-nmap).

Actual NW Range: 10.200.136.0 /24

Nmap Command:&#x20;

> nmap -sV -sC -p- -v -oA full\_scan 10.200.136.0/24 --min-rate 5000

![nmap console output](/files/706Ke4NTksv5ayHxhESj)

> xsltproc full\_*scan.xml -o full*\_scan.html

### Identifying Assets and finding the attack surface

**Enumerating THROWBACK-PROD Scans**

When enumerating the nmap scan we find many open ports as well as a leaked domain name.

![Note: Port 445 (SMB) and RDP (3389) is open](/files/ZlP3Y9qwmaC7Rplkmpws)

We also find that port 80 is running an IIS server this is good to note to visit and enumerate later.

![](/files/zZw1PDHeoZWxlsEFQKe1)

**Enumerating THROWBACK-MAIL Scans**

We find that THROWBACK-MAIL is a Linux box running an Apache server on port 80 running a login page.

![](/files/zdiSKS4QZQttBbNhb2pe)

**Enumerating THROWBACK-FW01 Scans**

When looking at the scans we see that the box is more than likely running a pfSense firewall with a public pfSense login.

![](/files/XqfLPDdXfynm2z4gCR6b)

### Questions

![](/files/9D3EMkioEvg9F635ki8A)


---

# Agent Instructions
This documentation is published with GitBook. GitBook is the documentation platform designed so that both humans and AI agents can read, navigate, and reason over technical content effectively. Learn more at gitbook.com.

## Querying This Documentation
If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question.

Perform an HTTP GET request on the current page URL with the `ask` query parameter, and the optional `goal` query parameter:

```
GET https://cas-cyber.gitbook.io/cas-cybersecurity/windows-hacking/throwback-network/entering-the-breach.md?ask=<question>&goal=<endgoal>
```

`ask` is the immediate question: it should be specific, self-contained, and written in natural language.
`goal` is optional and describes the broader end goal you are ultimately trying to accomplish on behalf of the user. GitBook uses it to tailor the answer towards what is most useful for that goal.

The response will contain a direct answer to the question and relevant excerpts and sources from the documentation.

Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.
