
# Exploring the caverns

### Enumerating Web Servers

It is important to enumerate what is running on a web server beyond a simple scan, in order to understand what services are on the network and what could possibly be used as an attack vector.

#### Enumerating THROWBACK-PROD's Production Server

Upon initial access to the production server, we can see that it is a company website advertising itself as a private penetration testing and analysis firm.

![Landing page of Throwback Hacks](/files/ZMgLVenvuftXAUWW1Nto)

Further inspection of the website reveals a list of employees, location of the company, and an email address. These details can be important to note for later attacks and enumeration.

#### Exploring Throwback Hacks Website

![](/files/hxZpMHOAcWv53ZQrbHrr)

Company Members:

* Summers Winters (CEO & Founder)
* Jeff Davies (CFO)
* Hugh Gongo (CTO)
* Rikka Foxx (Lead Developer)

#### Enumerating THROWBACK-MAIL's Mail Server

When enumerating the THROWBACK-MAIL web server, we find from the page source code that it is running SquirrelMail as the mail service for the company.

![Page source code reveals that SquirrelMail is running as the mail service](/files/gMgtyx3GhCULxhFNrsYG)

![Throwback Hacks mail server login](/files/Fa5PxgQDdPPYgXRY12mk)

When viewing the banner we find that there is a guest login account that anyone can use. We will need these credentials for later attacks.

#### Login with Guest Account

![Address Book](/files/BM3iUX6Lx4irwIsCLe6t)

#### Possible Usernames

* HumphreyW
* SummersW
* FoxxR
* DaibaN
* PeanutbutterM
* PetersJ
* DaviesJ
* BlaireJ
* GongoH
* MurphyF
* JeffersD
* HoresemanB

#### Enumerating THROWBACK-FW01's Service

Immediately upon visiting THROWBACK-FW01 we can tell that it is running a new version of pfSense. As this firewall is accessible to the public, we can assume that it is an outside firewall designed to keep attackers out.

![pfSense login page](/files/a983i5I49CpUrnU6nXh9)

Your team informs you that the choice of which target to attack first is yours; all of them can be good attack paths. They suggest attacking THROWBACK-FW01 first; however, the decision is yours.

### Questions

![](/files/WVu0uZDVwboayaF5jcPa)
