impacket-smbexec [<Domain Name>/]<Username>[:<Password>]@<Target IP Address>
impacket-psexec [<Domain Name>/]<Username>[:<Password>]@<Target IP Address>
impacket-wmiexec [<Domain Name>/]<Username>[:<Password>]@<Target IP Address>
Enumeration
Identify Version
sudo nmap -p 139,445 -sV -Pn <Target IP Address>
tcpdump -i tun0 port <Port> and src <Target IP Address> -s0 -A -n 2>/dev/null & crackmapexec smb <Target IP Address> --shares --port <Port> 1>/dev/null 2>/dev/null
Nmap
nmap --script "safe or smb-enum-*" -p 445 <Target IP Address>
nmap --script "smb-vuln*" -p 139,445 <Target IP Address>
enum4linux
enum4linux -a <Target IP Address>
enum4linux -a <Target IP Address> -u <Username> -p <Password>
smbclient
Null Session
smbclient -N -L \\\\<Target IP Address>
List all shares
smbclient -L \\\\<Target IP Address>\\
Connecting to the particular share
smbclient \\\\<Target IP Address>\\<Share Name>\\ -U [domain\]<Username>
List shares permission
smbmap -H <Target IP Address>
smbget
Download target file
smbget smb://<Target IP Address>/<Share Name>/<File Name> [--user <Username>%<Password>]
Download target share
smbget -R smb://<Target IP Address>//<Share Name>
crackmapexec
Enumerate SMB shares
crackmapexec smb <Target IP Address> [--users | --shares]