# To Attack a Windows Machine

Ok after scanning the network we detect some Windows machines and now? 

#### Step 2: Enumerate Windows Machines

After scanning the network and detecting Windows machines, proceed with the following steps to assess your targets:

**Identify Live Hosts**

Use tools like `nmap` or `Advanced IP Scanner` to identify live hosts and their open ports. Example command:

```bash
nmap -sT -p- 192.168.1.0/24
```

**Gather System Information**

Utilize tools such as `WinRM` or `SMB` to gather system details like OS version, patches, and services. Example command with `smbclient`:

```bash
smbclient -L \\\\TARGET_IP_ADDRESS
```

**Check for Vulnerabilities**

Run vulnerability scans using software like `Nessus` or `OpenVAS` to detect potential security risks on the Windows machines.

**Document Findings**

Create a table to document your findings:

| IP Address | OS Version | Open Ports | Vulnerabilities |
| ---------- | ---------- | ---------- | --------------- |
|            |            |            |                 |

Proceed with caution and ensure you have authorization before engaging in any potentially intrusive activities.

{% content-ref url="<https://app.gitbook.com/o/at4Z0L3dsguKUukMngZV/s/nygMadKUF5c2igU45MrT/>" %}
[NetBios Penetration Testing](https://app.gitbook.com/o/at4Z0L3dsguKUukMngZV/s/nygMadKUF5c2igU45MrT/)
{% endcontent-ref %}