Wednesday, August 29, 2007

Anatomy of an Attack



1. Information Gathering:

1.1 Passive.

1.2 Active.

2. Network Mapping:

2.1 Identify Live Hosts.

2.2 Identify Open Ports.

2.3 Identify Services.

2.4 Identify Operating System.


3. Vulnerability Identification (Assessment and Verification):

3.1 Default Configuration.

3.2 Vulnerability Scanning (known vulnerabilities).

3.3 Vulnerability Scanning (unknown vulnerabilities).

4. Prepare for Penetration:

4.1 Identify Proof of concept (PoC) tool(s).

4.2 Testing PoC.

4.3 Fire PoC.

5. Gaining Access and Privilege Escalation:

5.1 Obtain User Access.

5.2 Obtain Operator Access.

5.3 Obtain Administrative Access.

6. Enumerate Further:

6.1 Sniff and analyze the traffic.

6.2 Obtain passwords.

6.3 Gather cookies.

6.4 Analyze route information and the whole network.

7. Attack on Remote Users/Site (n vis-a-vis) (Optional):

8. Maintain Access:

8.1 Backdoor.

8.2 Rootkit.

8.3 Establish Tunnel.

9. Cover your Tracks:

9.1 Remove Logs (Windows).

9.1.1 Remove Event Viewer Log.

9.1.2 Remove Application Log (e.g. Terminal Service, Mail Server, and Application Server).

9.1.3 Remove Web Server Log.

Conclusion:
The outline above reflects the methodology to be followed in a penetration test environment. Please treat this know-how as open source. I would be glad to answer your questions if you have any.
-----
Hassan
http://securityassessmentframework.blogspot.com/
http://groups.yahoo.com/groups/issaf

 

J A H I L Z