Description

Obtain the list of accounts from the company's external web resources. Restore the missing symbols in the address r*** s@edu.stf and provide it in full in your report.

First, we need to scan the entire network of our target using Nmap. The scope provided is 10.124.1.224/27

┌──(kali㉿kali)-[~/Desktop]
└─$ nmap -sn 10.124.1.224/27

Starting Nmap 7.95 ( <https://nmap.org> ) at 2025-09-06 12:37 EDT
Nmap scan report for 10.124.1.225
Host is up (0.21s latency).
Nmap scan report for aircraft.edu.stf (10.124.1.231)
Host is up (0.21s latency).
Nmap scan report for calculator.edu.stf (10.124.1.232)
Host is up (0.21s latency).
Nmap scan report for library.edu.stf (10.124.1.233)
Host is up (0.21s latency).
Nmap scan report for wp.edu.stf (10.124.1.234)
Host is up (0.21s latency).
Nmap scan report for www.edu.stf (10.124.1.235)
Host is up (0.21s latency).
Nmap scan report for gallery.edu.stf (10.124.1.236)
Host is up (0.21s latency).
Nmap scan report for utils.edu.stf (10.124.1.237)
Host is up (0.21s latency).
Nmap scan report for shop.edu.stf (10.124.1.238)
Host is up (0.21s latency).
Nmap scan report for tokenizer.edu.stf (10.124.1.239)
Host is up (0.21s latency).
Nmap scan report for bind.edu.stf (10.124.1.240)
Host is up (0.21s latency).
Nmap scan report for smashmusic.edu.stf (10.124.1.241)
Host is up (0.21s latency).
Nmap scan report for test-webserver.edu.stf (10.124.1.242)
Host is up (0.21s latency).
Nmap scan report for vpn.edu.stf (10.124.1.253)
Host is up (0.21s latency).
Nmap done: 32 IP addresses (14 hosts up) scanned in 2.64 seconds

From this list, we need to identify which website might contain employee information.

After checking several active websites discovered in our reconnaissance,

I identified www.edu.stf, which is a website for heavy logistics. At the bottom of the page, we noticed contact email addresses