Overview

In this engagement, we were tasked with assessing the security of a second internal server within the inlanefreight.htb domain. This server is used to manage and store emails and files and also functions as a backup system for select company processes.

Based on internal discussions, this system is infrequently used and has primarily served testing and backup purposes. As a result, it represents a potentially overlooked asset that may not receive the same level of hardening or monitoring as production systems, making it a valuable target for internal penetration testing.

Each target system contained a flag in the format:

HTB{...}

The successful identification of these flags serves as proof of access and exploitation. This lab simulates a real-world internal penetration testing scenario, emphasizing structured enumeration, service analysis, and controlled exploitation.

Scope and Objectives

The scope of this assessment was limited to the second internal server within the inlanefreight.htb domain. This host is responsible for storing emails and files and serves as a backup system for selected organizational processes. Testing was conducted from an internal attacker perspective, simulating access by an authenticated or semi-trusted user within the corporate network.

The primary objectives of this engagement were to:

• Enumerate exposed services and configurations on the target system
• Identify misconfigurations or weak access controls related to file storage, email services, or backup functionality
• Assess the impact of insecure authentication mechanisms or overly permissive access

Tools Used

The following tools were used or may be used during this assessment:

• Nmap
• SSH