The list of users in the lesson module can be downloaded here
For anyone else still struggling with this specific question, like others have mentioned: start by doing a dig Zone Transfer command on the main domain using the target machine’s IP as the DNS server. Then record all the subdomains you get back. Then use dig to try and Zone Transfer on those subdomains (app.inlanefreight.htb, internal.inlanefreight.htb, dev.inlanefreight.htb, etc.) and record any that you cannot get records for.
Finally, use either the bash script or the DNSEnum tool to brute force the subdomains you couldn’t get records for using a very “fierce” wordlist. Good luck and hope you learn something new like I did!
Huge help, thanks
Guys I Am Going To Help You Out :slight_smile 
Note :- Download The Worslist Which is provided by htb at starting of smtp room and unzip in your downloads folder
Just Run This
–>smtp-user-enum -w 25 -M VRFY -U ~/Downloads/footprinting-wordlist.txt -t 10.129.41.115
–>Note:- Wait Atleast 5-10 min
Finally you Get
10.129.41.115: r**** exists
any hints for IMAP/POP3? the last question? I tried literally everything, nothing worked out
i think its robin but not sure
How did you know that exactly this timeout would be sufficient? Trial and error method? About the beginning I knew what command it was about, but for several minutes I could not find the right timeout