Overview

In this engagement, we were commissioned by Inlanefreight Ltd to conduct a penetration test against three internal servers to assess their configuration and overall security posture. The purpose of this assessment was to identify weaknesses that could allow unauthorized access and to validate successful compromise through the retrieval of flags placed on each system.

Each target system contained a flag in the format:

HTB{...}

The successful identification of these flags serves as proof of access and exploitation. This lab simulates a real-world internal penetration testing scenario, emphasizing structured enumeration, service analysis, and controlled exploitation.

Scope and Objectives

The scope of this phase of the assessment focused on the first internal server, which is responsible for managing email services, customer information, and file storage. Given the critical nature of these services, this server represents a high-value target within the organization.

The primary objectives for this server were:

• Identify exposed services and misconfigurations
• Enumerate accessible resources related to email, customer data, and file storage
• Gain sufficient access to retrieve the associated flag
• Document findings in a clear, reproducible manner.

Tools Used

The following tools were used or may be used during this assessment:

• Nmap
• SMTP
  • smtp-enum-users