Firstly I'm not a script kiddie or someone looking to H4CK systems. I am studying computer and information security and university and in my spare time help friends/family with computer related stuff.
Basically a friend of the family has asked me if I could carry out a penetration test on his network.
So far I have:
1 - Ran Whois scans to identify network range from domain given
2 - Ran Nmap to list all computers online
-- built company portfolio from online information
3 - Ran Nmap to try to identify services, all came back as filtered or closed
4 - Tried to use SNMP but failed - kept saying host not responding
5 - Used telnet to grab banners to try to identify services, all of which seamed up to date
6 - Ran Nexpose on hosts which discovered metasploit exploits all of which where scanner or dos
At this stage should I write the report and call it quits or are there any more scans I should complete. I explained to my friend I was still learning and just entering year 2 at University but I really want to get into pen testing and get a head start before I leave University.
Any links/tutorials ect welcome, I dont mind getting my hands dirty.
Also I know some people may be wary helping someone looking to pen test, I am more than happy to log into my University portal via a desktop sharing application or even send an email from my univiersity mail account.
I am here to learn white hat pen testing, nothing sinister and nothing without prior permission!