Internal Penetration Test Process/Checklist

Internal Penetration Test Process/Checklist
  • [ ] Map the Internal Network
  • [ ] Scan the Network for Live Hosts
  • [ ] Port-scan individual machines
  • [ ] Try to gain access using known vulnerabilities
  • [ ] Attempt to establish null sessions
  • [ ] Enumerate users/identify domains on the network
  • [ ] Sniff the network using Wireshark
  • [ ] Sniff POP3/FTP/Telnet Passwords
  • [ ] Attempt Replay Attacks
  • [ ] Attempt ARP Poisoning
  • [ ] Attempt MAC Flooding
  • [ ] Conduct Man-In-The-Middle Attacks
  • [ ] Attempt DNS Poisoning
  • [ ] Try logging in to a console machine
  • [ ] Boot the PC Using an Alternate OS and Steal the SAM File
  • [ ] Bypass the OS to Obtain Information
  • [ ] Attempt to plant a software keylogger to steal passwords.
  • [ ] Attempt to plant a hardware keylogger to steal passwords.
  • [ ] Attempt to plant spyware on the target machine
  • [ ] Attempt to plant a Trojan on the target machine
  • [ ] Attempt to to bypass antivirus software installed on the target machine
  • [ ] Attempt to send a virus using the target machine.
  • [ ] Attempt to to plant rootkits on the target machine
  • [ ] Hide sensitive data on target machine
  • [ ] Hide hacking tools and other data on target machines
  • [ ] Use various steganography techniques to hide files on target machines.
  • [ ] Escalate user privileges
  • [ ] Capture POP3 Traffic
  • [ ] Capture SMTP Traffic
  • [ ] Capture IMAP E-mail traffic
  • [ ] Capture the communications between FTP client and FTP Server
  • [ ] Capture HTTP Traffic
  • [ ] Capture RDP Traffic
  • [ ] Capture VoIP Traffic
  • [ ] Run Wireshark with the filter -ip.src == ip_address
  • [ ] Run Wireshark with the filter -ip.dst == ip_address
  • [ ] Run Wireshark with the filter -tcp.dstport == port_no
  • [ ] Run Wireshark with the filter -ip.addr == ip_address
  • [ ] Spoof the MAC Address
  • [ ] Attempt Session Hijacking on telnet traffic.
  • [ ] Attempt Session Hijacking on FTP traffic.
  • [ ] Attempt Session Hijacking on HTTP traffic.
  • [ ] Document Everything

Share Tweet Send
0 Comments
Loading...
You've successfully subscribed to Songer Tech
Great! Next, complete checkout for full access to Songer Tech
Welcome back! You've successfully signed in
Success! Your account is fully activated, you now have access to all content.