very good information. question is , once you get access to the host, does the external pentest completes there ? or you go ahead with lateral movement etc if so, is that considered part of external pentest or becomes internal pentest/read team ?
That really depends on what was agreed to in the engagement. From a professional point of view I say the test stops there and we fix the issues that led to the breach then test again. In addition another internal assessment should be conducted using the assumed breach model.
To perform and internal penetration test you would need a machine that is on the subnet you are trying to test. For example you could have hacked.local for a Windows domain. The machines in hacked.local would be in network 192.168.1.0/24 or 192.168.2.0/24. You would place your attacker machine on one of these subnets but you do not need to join it to the Windows domain. There are other methods and tools to conduct an internal penetration test using client side attacks (example: email phishing with reverse shell access); it all depends on what the goal of the internal penetration test is!
Let's say I wanna hack a vulnerable windows 10 machine, let's assume this machine is of my friend and he is in another city, for that we need to do external pentest first. Then what next?
![Conduct a Penetration Test Like a Pro in 6 Phases [Tutorial]](/img/1.gif)
That was amazing video. Learned too much thank you so much
Glad it was helpful!
very good information. question is , once you get access to the host, does the external pentest completes there ? or you go ahead with lateral movement etc if so, is that considered part of external pentest or becomes internal pentest/read team ?
That really depends on what was agreed to in the engagement. From a professional point of view I say the test stops there and we fix the issues that led to the breach then test again. In addition another internal assessment should be conducted using the assumed breach model.
Thanks so Much. This was very helpful. Would I need to be joined to a domain to perform internal pentest?
To perform and internal penetration test you would need a machine that is on the subnet you are trying to test. For example you could have hacked.local for a Windows domain. The machines in hacked.local would be in network 192.168.1.0/24 or 192.168.2.0/24. You would place your attacker machine on one of these subnets but you do not need to join it to the Windows domain. There are other methods and tools to conduct an internal penetration test using client side attacks (example: email phishing with reverse shell access); it all depends on what the goal of the internal penetration test is!
Let's say I wanna hack a vulnerable windows 10 machine, let's assume this machine is of my friend and he is in another city, for that we need to do external pentest first. Then what next?