📘
CAS Cybersecurity
  • Start
  • Reconnaissance
    • Opensource Intelligence
  • Docker basics and Images
    • Damn Vulnerable Webapp
    • bWAPP
    • Juice Webshop
    • Webgoat
    • Metasploitable 2
    • Metasploitable 3
    • MISP Docker (old)
    • MISP Docker (new)
  • Scanning and Enumeration
    • Scanning with zenmap
    • Scanning with nmap
    • Scanning with msf auxiliary
  • Vulnerability Scanning and Analysis
    • OpenVAS
    • nmap vulnerability scan
    • MSF Auxiliary Modules
  • Exploitation
    • Metasploitable 2
    • Redis Server
    • Print Nightmare
    • Baron Samedit
    • Polkit
    • Heartbleed
  • Man in the Middle
    • ARP Cache poisoning
    • RDP MitM Exercise
  • Windows Hacking
    • Throwback Network
      • Entering the breach
      • Exploring the caverns
      • Webshells and you!
      • First Contact
    • WinAttack LAB
      • Module 01
      • Module 02
      • Module 03
      • Module 04
      • Module 05
      • Module 06
      • Module 07
      • Module 08
      • Module 09
      • Module 10
  • Web Application Security
    • Burp Proxy Introduction
    • DVWA
      • DVWA Exercises 1
      • DVWA Exercises 2
      • DVWA Exercises 3
      • DVWA Exercises 4
      • DVWA Exercises 5
      • DVWA Exercises 6
      • DVWA Exercises 7
      • DVWA Exercises 8
  • CTF and Crypto Exercises
    • Cyberchef Challenge
    • HTB Invite Challenge
    • BSides London 2019 Challenge
    • Ninja Sec Challenge
  • Threat Intelligence
    • MISP Exercise 1
    • MISP Exercise 2
    • MISP Exercise 3
    • MISP Exercise 4
    • MISP Exercise 5
    • MISP Exercise 6
    • MISP Exercise 7
    • MISP Exercise 8
    • Virus Total Graph Exercise
    • RFI Incoming!
  • Forensic Exercises
    • Disk Forensics
      • The Sleuth Kit Intro
      • Filecarving with Foremost
      • Filecarving with scalpel
      • Bulk extractor
      • Disk acquisition with dd
      • Disk acquisition with dcfldd
      • Disk acquisition with ewftools
      • Disk acquisition with FTK Imager
      • Mount disk image (raw)
      • Unknown USB Stick
      • USB Stick Filecarving
      • Autopsy Exercise
    • Windows Forensics
      • Bitunlocker
      • Alternate Datastreams
    • Memory Forensics
      • Volatility2 Basics (Linux)
      • Volatility2 Exercise 1
      • Volatility3 Exercise 1
      • Volatility3 Exercise 2
      • Volatility3 Exercise 3
    • Image Forensics
      • Unswirl Image
      • Manual Filecarving 1
      • Manual Filecarving 2
    • Browser Forensics
    • Mail Header Analysis
    • Timestomping Exercise
    • Network Forensics
      • Tshark Exercise
  • Malware Analysis
    • Ransomware
      • General Introduction
      • Ryuk
      • RansomEXX
      • REvil
      • BlackMatter
      • Hades
      • Egregor
      • DoppelPaymer
    • YARA
      • YARA Install
      • yarGen
      • YARA with Cyberchef
      • TCP dump analysis
      • Memory dump analysis
    • Dosfuscated Scripts
  • Android Malware
    • LAB Setup 1
    • LAB Setup 2
    • Android Manifest
    • Android Permissions
    • APP Tracing with Frida
    • AES Key decryption
    • RedAlert
    • BlackRoseLucy
    • Crackme RE Challenge
  • Forensic Readiness
    • Windows Event Logs
    • Windows Sysmon
    • Sysmon: Capture Clipboard
    • Sysmon: Process Injection
    • Ransomware Detection
      • Signature based
  • Live Response
    • Velociraptor P1
    • Velociraptor P2
    • Velociraptor P3
    • Windows Response LAB
      • Lateral Movement Detection
      • Detect persistence
      • Volatility Analysis
Powered by GitBook
On this page
  • Enumerating Web Servers
  • Questions

Was this helpful?

  1. Windows Hacking
  2. Throwback Network

Exploring the caverns

Enummerating Webservers, gain more information about the company itself

PreviousEntering the breachNextWebshells and you!

Last updated 3 years ago

Was this helpful?

Enumerating Web Servers

It is important to enumerate what is running on a web server further than just a scan. To get an understanding of what services are on the network and what could possibly be used as an attack vector.

Enumerating THROWBACK-PROD's Production Server

Upon initial access to the production server, we can see that it is a company website advertising themselves as a private penetration testing and analysis firm.

Further inspection of the website reveals a list of employees, location of the company, and an email address. These details can be important to note for later attacks and enumeration.

Exploring Throwback Hacks Website

Company Members:

  • Summers Winters (CEO&Founder)

  • Jeff Davies (CFO)

  • Hugh Gongo (CTO)

  • Rikka Foxx (Lead Developer)

Enumerating THROWBACK-MAIL's Mail Server

When enumerating the THROWBACK-MAIL web server we find from the source code that it is running squirrel mail as a mail service for the company.

When viewing the banner we find that there is a guest login account that anyone can use. We will need these credentials for later attacks.

Login with guest Account

Possible Usernames

  • HumphreyW

  • SummersW

  • FoxxR

  • DaibaN

  • PeanutbutterM

  • PetersJ

  • DaviesJ

  • BlaireJ

  • GongoH

  • MurphyF

  • JeffersD

  • HoresemanB

Enumerating THROWBACK-FW01's Service

Immediately upon visiting THROWBACK-FW01 we can tell that it is running a new version of pfSense. As this firewall is accessible to the public we can assume that is is an outside firewall designed to keep attackers out.

Your team informs you that it is your decision of what target to attack first, all can be good attack paths. They suggest attacking THROWBACK-FW01 first however the decision is yours.

Questions

Landingpage of Throwback Hacks
page source code revelases that squirrel mail is running as a mailservice
Throwback Hacks Mailserver login
Adress Book
pfsense Login page