When dealing with a small network it is easy to underestimate the time and effort it can take to clean up your compromised hosts. This task is critical in both avoiding detection and in leaving the network in pristine condition once your testing has been completed. The last thing anyone wants is to overlook a compromised host that has a meterpreter backdoor installed and waiting for the next person to come along and take advantage of! The key is to take meticulous notes and keep accurate record of not only what was done while testing, but also if the things that were done could possibly persist after testing.

Think about what we did in the post exploitation chapter; just how easy do you think it would be to forget that we enabled the games account to be used for SSH login—and with root privilege and a weak password at that! It seems the only thing worse would be to accidently send the wrong report to a client and give away someone's confidential information....