Hi, I need to learn the new environment I work in, so that I am able to troubleshoot the network and components.
The job sounds easy. Administration of a very small business.
Problem: No one knows what the previous admin has done so far.
Please do not focus on the examples. These serve to help understand the background. Do not ask questions about the examples.
For example, there exists a Microsoft 365 account as "admin" with the business domain, but I could not find much info... coming to the conclusion that the account did not even have any devices connected or licenses. Another Outlook account had bought a license but had no devices connected.
So I dig & dig and wonder: there must be a more default way to find such things out.
Another example: There exist some subdomains for the specified domain. The owner claims to have never known about these subdomains. So I work my way around to find which hosting provider is used, how to log in, recover passwords, etc. In the subdomains section there were no subdomains...
So questions come up, like: is Microsoft 365 actually used, or does the company just pay for an unused account for no reason? If some subdomains exist and are nowhere to be seen at the hosting provider, where are they?
Then I check if spoofing is possible. No DMARC, no SPF... OK, but if it is required to store it, where? No one knows. With only a few minutes or hours in the environment, I can only assume and theorize...
Is the hosting provider used as is, or does the client first redirect the domain somehow, in Cloudflare, locally, or somewhere else? So many, many questions!!!
So my request is a step-by-step guide on how to pentest an unknown network (with admin privileges)?
The goal is to "extract" the client's components into an inventory, to know what the environment is and what it is used for...
STOP COMMENTING IF YOU ARE A SCRIPT KIDDY OR A GREEDY PERSON