
| Step No. | Check | Remarks | Tools | Identify Test Targets | Test Status |
|---|---|---|---|---|---|
| 1 | Map the internal network | No. of subnets, hosts, running OS | Manual | | |
| 2 | Scan the network for live hosts | Live hosts | Advanced IP Scanner | | |
| 3 | Open ports reporting | UDP, TCP ports | Nmap, Nessus | | |
| 4 | Nessus scan | Identify vulnerabilities | Nessus | | |
| 5 | Attempt to establish null sessions | Null session test | SMB enum, Nmap | | |
| 6 | Enumerate users/identify domains on the network | Password & group policies | Nmap, Nessus | | |
| 7 | Sniff the network using Wireshark | Windows NT login user name, password | Wireshark | | |
| 8 | Sniff POP3/FTP/telnet passwords/email messages | SMTP, POP, FTP traffic | dsniff, Mailsnarf, etc. | | |
| 9 | DNS poisoning | host file | dnsspoof, DNSA, Nessus | | |
| 10 | Boot the PC using an alternate OS and steal the SAM file | Password crack | Kali-live | | |
| 11 | Attempt to bypass AV, install keylogger | Obtain password, and AV strength | Metasploit scripts | | |
| 12 | Hide hacking tools and other data on target machines | Make files and folders that can't be deleted | Stealth Folder Hider | | |
| 13 | Escalate user privileges | Unauthorised access, SMB enumeration | Metasploit | | |
| 14 | Capture protocols | POP3, SMTP, IMAP e-mail traffic, and HTTP, RDP, VoIP, FTP | Wireshark/tcpdump | | |
| 15 | Analyse Wireshark with the filter | ip.src == ip_address; ip.dst == ip_address; tcp.dstport == port_no; ip.addr == ip_address | Wireshark | | |
| 16 | MAC spoof | Violate firewall/domain policy | ifconfig | | |
| 17 | Use anonymizing proxy | TOR/Web proxy | TOR browser, proxychains | | |
| 18 | Attempt session hijacking on telnet, FTP, HTTP traffic | Windows NT session | Cain & Abel/Cookie manager/BeEF | | |
| 19 | Document everything | Reporting | Collecting evidence | | |
