Exploring the caverns

Enummerating Webservers, gain more information about the company itself

Enumerating Web Servers

It is important to enumerate what is running on a web server further than just a scan. To get an understanding of what services are on the network and what could possibly be used as an attack vector.

Enumerating THROWBACK-PROD's Production Server

Upon initial access to the production server, we can see that it is a company website advertising themselves as a private penetration testing and analysis firm.

Landingpage of Throwback Hacks

Further inspection of the website reveals a list of employees, location of the company, and an email address. These details can be important to note for later attacks and enumeration.

Exploring Throwback Hacks Website

Company Members:

• Summers Winters (CEO&Founder)

• Jeff Davies (CFO)

• Hugh Gongo (CTO)

• Rikka Foxx (Lead Developer)

Enumerating THROWBACK-MAIL's Mail Server

When enumerating the THROWBACK-MAIL web server we find from the source code that it is running squirrel mail as a mail service for the company.

page source code revelases that squirrel mail is running as a mailservice

Throwback Hacks Mailserver login

When viewing the banner we find that there is a guest login account that anyone can use. We will need these credentials for later attacks.

Login with guest Account

Adress Book

Possible Usernames

• HumphreyW

• SummersW

• FoxxR

• DaibaN

• PeanutbutterM

• PetersJ

• DaviesJ

• BlaireJ

• GongoH

• MurphyF

• JeffersD

• HoresemanB

Enumerating THROWBACK-FW01's Service

Immediately upon visiting THROWBACK-FW01 we can tell that it is running a new version of pfSense. As this firewall is accessible to the public we can assume that is is an outside firewall designed to keep attackers out.

pfsense Login page

Your team informs you that it is your decision of what target to attack first, all can be good attack paths. They suggest attacking THROWBACK-FW01 first however the decision is yours.

Questions