gitmyhub

Intranet_Penetration_Tips

★ 4.6k updated 3y ago

Some intranet penetration TIPS I compiled in early 2018; updates have been slow since then, so I'm organizing them here in the hope of updating and maintaining them together with everyone~

A Chinese-language reference collection for security professionals testing corporate networks, covering the full intranet penetration cycle from external recon through privilege escalation and trace cleanup.

Tags: Windows, Linux, PowerShell, Python, Metasploit. Setup: hard. Complexity: 4/5.

This is a Chinese-language resource collection for security professionals who test corporate networks for weaknesses. Assembled in early 2018 by a contributor known as Evi1cg, and expanded over time with community input, it covers the full sequence of steps involved in what the security community calls intranet penetration: probing from the outside, getting in, moving around inside, and removing traces afterward.

The collection starts with external information gathering: finding company email addresses, subdomain names, leaked credentials, and other details publicly visible online before touching the target network. It then covers ways to gain initial access, including exploiting weak passwords, attacking web applications, and getting in through wireless networks. Much of this section is a curated list of named tools with direct links to their repositories.

Once inside a network, the guide covers how to stay hidden: command-and-control channels disguised as ordinary web traffic, proxying connections, and pivoting through already-compromised hosts so that traffic bounces through several machines. A large section then goes deep into enumerating the internal network itself: listing users, checking which services are running, scanning for open ports, and building a map of how machines are connected.
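As an added illustration of the internal enumeration step (this is example code written for this page, not code from the Intranet_Penetration_Tips repository), the block below expands a target range, parses a port list, runs a concurrent TCP connect scan, and returns a host-to-open-ports map that can seed a network diagram. The target ranges, port list and the loopback listener used by `demo_local_scan()` are constructed for illustration; the port-to-service labels are rough conventions, not a banner-based fingerprint.

```python
"""Added example: minimal internal-network enumeration helpers.
Not from the original repository; targets and ports are constructed."""
import ipaddress
import socket
import socketserver
import threading
from concurrent.futures import ThreadPoolExecutor

# Rough labels for ports commonly seen on an intranet (illustrative only).
COMMON_PORTS = {
    22: "ssh", 80: "http", 88: "kerberos", 135: "msrpc", 139: "netbios-ssn",
    389: "ldap", 443: "https", 445: "smb", 3389: "rdp", 5985: "winrm",
}


def expand_targets(spec):
    """Turn '10.0.0.0/30' or '10.0.0.5' into a list of host strings.
    Network and broadcast addresses are skipped for prefixes shorter than /31."""
    net = ipaddress.ip_network(spec, strict=False)
    if net.num_addresses <= 2:
        return [str(h) for h in net]
    return [str(h) for h in net.hosts()]


def parse_ports(spec):
    """'22,80,443,8000-8002' -> sorted unique ints; rejects values outside 1-65535."""
    ports = set()
    for part in spec.split(","):
        part = part.strip()
        if not part:
            continue
        if "-" in part:
            lo, hi = (int(x) for x in part.split("-", 1))
        else:
            lo = hi = int(part)
        if not (1 <= lo <= hi <= 65535):
            raise ValueError(f"bad port spec: {part!r}")
        ports.update(range(lo, hi + 1))
    return sorted(ports)


def probe(host, port, timeout=0.5):
    """TCP connect probe: True only if a full three-way handshake completes."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return True
    except OSError:
        return False


def scan(hosts, ports, timeout=0.5, workers=64):
    """Connect-scan every host:port pair concurrently; return {host: [open ports]}."""
    results = {}
    with ThreadPoolExecutor(max_workers=workers) as pool:
        futures = {pool.submit(probe, h, p, timeout): (h, p)
                   for h in hosts for p in ports}
        for fut, (h, p) in futures.items():
            if fut.result():
                results.setdefault(h, []).append(p)
    return {h: sorted(ps) for h, ps in results.items()}


def label(port):
    """Map a port to its conventional service name, or 'unknown'."""
    return COMMON_PORTS.get(port, "unknown")


def demo_local_scan():
    """Self-contained demonstration: listen on one ephemeral loopback port,
    pick a second ephemeral port that is closed, scan both, return
    (open_port, closed_port, scan_result)."""
    srv = socketserver.TCPServer(("127.0.0.1", 0), socketserver.BaseRequestHandler)
    open_port = srv.server_address[1]
    threading.Thread(target=srv.serve_forever, daemon=True).start()
    tmp = socket.socket()
    tmp.bind(("127.0.0.1", 0))
    closed_port = tmp.getsockname()[1]
    tmp.close()  # bound but never listened on, so it is closed now
    try:
        found = scan(["127.0.0.1"], [open_port, closed_port])
    finally:
        srv.shutdown()
        srv.server_close()
    return open_port, closed_port, found


if __name__ == "__main__":
    op, cp, found = demo_local_scan()
    print(f"listening on {op}, closed {cp}: {found}")
    for host, ports in found.items():
        print(host, [(p, label(p)) for p in ports])
```

A connect scan completes the handshake, so it shows up plainly in host and network logs; the repository's own tool list is the place to look for quieter alternatives. The `demo_local_scan()` helper exists only so the block can be exercised without touching any real network.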

A substantial portion is dedicated to Windows domain environments, which most corporate networks use. Techniques here include attacking Kerberos authentication (the ticket-based system Windows uses to prove identity), extracting password hashes cached in memory on compromised hosts, taking over domain controllers, and setting up persistence that survives reboots. Both Windows and Linux are covered, with separate sections on backdoors, scheduled tasks, and (on Windows) registry modifications.

The final sections address privilege escalation (getting higher-level access than you started with), lateral movement to additional machines, and removing traces of your activity. The content is organized as a structured list of tools, commands, and brief notes. It reads as a practical working reference for authorized security testers rather than a beginner tutorial. Most content is in Chinese, though many linked tools have English documentation.

Where it fits