This nice
article details, step by step, what the author needed to do to
try to hack an intranet site (by request). It then details all the mitigation
steps needed to make sure something like that can never happen again.
Enlightening.