Pentest Network Internal

Purpose

Simulate an internal attacker to identify weak credentials, misconfigured services, and Active Directory paths to high-value assets.

Core Workflow

  1. Network Discovery: Map the internal network, live hosts, and open ports using nmap and masscan.
  2. Service Enumeration: Identify running services, versions, and potential entry points (SMB, RDP, SSH, etc.).
  3. Vulnerability Scanning: Check for known service vulnerabilities (e.g., EternalBlue, ZeroLogon) using nuclei and nmap-scripts.
  4. Credential Auditing: Test weak passwords and default credentials using hydra and netexec (CrackMapExec).
  5. Active Directory Enumeration: Map AD trust relationships, users, and groups using BloodHound and ldapdomaindump.
  6. Lateral Movement: Simulate movement between hosts using valid credentials or exploits.

References

  • references/tools.md
  • references/workflows.md