TROJAN HORSE SECURITY IS TEACHING THESE CONCEPTS FOR EDUCATIONAL PURPOSES ONLY. WE DO NOT CONDONE ILLEGAL HACKING. TROJAN HORSE SECURITY CONSULTANTS ARE HIRED AS ETHICAL HACKERS AT THE REQUEST OF ORGANIZATIONS WITH PERMISSION TO HACK THEIR NETWORKS AND SYSTEMS.
The next 2 sections may at first apear to be a little boring. I understand; you just want to hack some thing and do all the cool stuff you see in the movies. In reality, without proper discovery and enumeration, you will likely be able to find systems that are vulnerable to attack. As such, it is important to take this part seriously and conduct proper discovery and enumeration.
During the discovery and enumeration phases, you may find something that leads you to believe that you have found something that is exploitable. However, 2 days later, you may realize you had just jumped down the rabbit hole and what you believed was exploitable was nothing more than a false positive. I recommend that, if you find something that is very tempting, you spend no more than 5 minutes looking at it and, if it is not exploitable within that timeframe, you note it down in a test plan and save it for the exploitation phase.
There are many different opinions as to what belongs in the discovery phase and what blongs in the enumeration phase. All that's important, however, is that you conduct each one thoroughly.
It is important to point out that the discovery that you conduct will be different when performing an external pen test as opossed to an internal pen test. As such, we will break this down into 2 different branches to make this easy to learn and understand.
External Penetration Test: Discovery
Internal Penetration Test: Discovery