Cyber attack has become a major concern over the past few years. While the technical capability to attack has declined, hacking tools - both simple and comprehensive - are themselves evolving rapidly. Certain approaches are necessary to protect a system from cyber threats. This work engages with comprehensive penetration testing in order to find vulnerabilities in the Windows Server and exploit them. Some forms of method penetration testing have been used in this experiment, including reconnaissance probes, brute force attacks based on password guessing, implanting malware to create a backdoor for escalating privileges, and ooding the target. This experiment was focused on gaining access in order to ascertain the identities of hackers and thus better understand their methods and performed penetration testing to evaluate security aws in the Windows Server, which is a famous OS for web applications. It is expected that this work will serve as a guideline for practitioners who want to prepare and protect their systems before putting them online.