> For the complete documentation index, see [llms.txt](https://www.netexec.wiki/llms.txt). Markdown versions of documentation pages are available by appending `.md` to page URLs; this page is available as [Markdown](https://www.netexec.wiki/smb-protocol.md).

# SMB protocol

- [Generate hosts file](https://www.netexec.wiki/smb-protocol/generate-hosts-file.md)
- [Generate krb5.conf file](https://www.netexec.wiki/smb-protocol/generate-krb5.conf-file.md)
- [Generate TGT](https://www.netexec.wiki/smb-protocol/generate-tgt.md)
- [Scan for Vulnerabilities](https://www.netexec.wiki/smb-protocol/scan-for-vulnerabilities.md): Check if host is vulnerable
- [Enumeration](https://www.netexec.wiki/smb-protocol/enumeration.md): Enumeration on NetExec
- [Enumerate Hosts](https://www.netexec.wiki/smb-protocol/enumeration/enumerate-hosts.md)
- [Enumerate Null Sessions](https://www.netexec.wiki/smb-protocol/enumeration/enumerate-null-sessions.md)
- [Enumerate Guest Logon](https://www.netexec.wiki/smb-protocol/enumeration/enumerate-guest-logon.md)
- [Enumerate Hosts with SMB Signing Not Required](https://www.netexec.wiki/smb-protocol/enumeration/smb-signing-not-required.md)
- [Enumerate Active Windows Sessions](https://www.netexec.wiki/smb-protocol/enumeration/enumerate-active-windows-sessions.md)
- [Enumerate Logged-On Users with the Remote Registry Service](https://www.netexec.wiki/smb-protocol/enumeration/enumerate-logged-on-users-winreg.md)
- [Enumerate Logged-On Users with the Workstation Service](https://www.netexec.wiki/smb-protocol/enumeration/enumerate-logged-on-users-wkssvc.md)
- [Enumerate Shares and Access](https://www.netexec.wiki/smb-protocol/enumeration/enumerate-shares-and-access.md)
- [Enumerate Network Interfaces](https://www.netexec.wiki/smb-protocol/enumeration/enumerate-network-interfaces.md)
- [Enumerate NTLMv1](https://www.netexec.wiki/smb-protocol/enumeration/enumerate-ntlmv1.md)
- [Enumerate Disks](https://www.netexec.wiki/smb-protocol/enumeration/enumerate-disks.md)
- [Enumerate Bitlocker](https://www.netexec.wiki/smb-protocol/enumeration/enumerate-bitlocker.md)
- [Enumerate Domain Users](https://www.netexec.wiki/smb-protocol/enumeration/enumerate-domain-users.md)
- [Enumerate Users by Bruteforcing RID](https://www.netexec.wiki/smb-protocol/enumeration/enumerate-users-by-bruteforcing-rid.md)
- [Enumerate Domain Groups](https://www.netexec.wiki/smb-protocol/enumeration/enumerate-domain-groups.md)
- [Enumerate Local Groups](https://www.netexec.wiki/smb-protocol/enumeration/enumerate-local-groups.md)
- [Enumerate Domain Password Policy](https://www.netexec.wiki/smb-protocol/enumeration/enumerate-domain-password-policy-1.md)
- [Enumerate Anti-Virus & EDR](https://www.netexec.wiki/smb-protocol/enumeration/enumerate-antivirus-edr.md): Enumerate antivirus installed using NetExec
- [Enumerate remote processes](https://www.netexec.wiki/smb-protocol/enumeration/enumerate-remote-processes.md)
- [Enumerate changed lockscreen executables](https://www.netexec.wiki/smb-protocol/enumeration/enumerate-lockscreen-backdoors.md): Detect Windows lock screen backdoors by checking FileDescriptions of accessibility binaries.
- [Enumerate Primary Site Server and Distribution Point via recon6](https://www.netexec.wiki/smb-protocol/enumeration/enumerate-sccm-primarysiteserver-and-distributionpoint.md)
- [Password Spraying](https://www.netexec.wiki/smb-protocol/password-spraying.md): Using NetExec for password spraying
- [Authentication](https://www.netexec.wiki/smb-protocol/authentication.md): Authentication on NetExec
- [Checking Credentials (Domain)](https://www.netexec.wiki/smb-protocol/authentication/checking-credentials-domain.md)
- [Checking Credentials (Local)](https://www.netexec.wiki/smb-protocol/authentication/checking-credentials-local.md)
- [Delegation](https://www.netexec.wiki/smb-protocol/authentication/delegation.md): Resource Based Constrained Delegation (RBCD) and
- [Command Execution](https://www.netexec.wiki/smb-protocol/command-execution.md): Command execution on NetExec
- [Executing Remote Commands](https://www.netexec.wiki/smb-protocol/command-execution/execute-remote-command.md)
- [Process Injection (pi module)](https://www.netexec.wiki/smb-protocol/command-execution/execute-remote-command/process-injection-pi-module.md)
- [Getting Shells 101](https://www.netexec.wiki/smb-protocol/command-execution/getting-shells-101.md)
- [Spidering Shares](https://www.netexec.wiki/smb-protocol/spidering-shares.md): Spidering shares with NetExec
- [Get and Put Files](https://www.netexec.wiki/smb-protocol/get-and-put-files.md): Get a remote file or send a remote file using NetExec
- [Obtaining Credentials](https://www.netexec.wiki/smb-protocol/obtaining-credentials.md)
- [Dump SAM](https://www.netexec.wiki/smb-protocol/obtaining-credentials/dump-sam.md)
- [Dump LSA](https://www.netexec.wiki/smb-protocol/obtaining-credentials/dump-lsa.md)
- [Dump NTDS.dit](https://www.netexec.wiki/smb-protocol/obtaining-credentials/dump-ntds.dit.md)
- [Dump LSASS](https://www.netexec.wiki/smb-protocol/obtaining-credentials/dump-lsass.md)
- [Dump DPAPI](https://www.netexec.wiki/smb-protocol/obtaining-credentials/dump-dpapi.md): Dump DPAPI credentials using NetExec
- [Dump with BackupOperator Priv](https://www.netexec.wiki/smb-protocol/obtaining-credentials/dump-backupop.md)
- [Dump SCCM](https://www.netexec.wiki/smb-protocol/obtaining-credentials/dump-sccm.md)
- [Dump Token Broker Cache](https://www.netexec.wiki/smb-protocol/obtaining-credentials/dump-token-broker-cache.md): Dump access token for Azure and Microsoft 365 from Token Broker Cache.
- [Dump WIFI password](https://www.netexec.wiki/smb-protocol/obtaining-credentials/dump-wifi-password.md)
- [Dump KeePass](https://www.netexec.wiki/smb-protocol/obtaining-credentials/dump-keepass.md)
- [Dump Veeam](https://www.netexec.wiki/smb-protocol/obtaining-credentials/dump-veeam.md): Dump passwords used by Veeam for backup jobs
- [Dump WinSCP](https://www.netexec.wiki/smb-protocol/obtaining-credentials/dump-winscp.md): Dump WinSCP Credentials stored in the registry or local files
- [Dump PuTTY](https://www.netexec.wiki/smb-protocol/obtaining-credentials/dump-putty.md): Dump private Keys stored for authentication or stored proxy credentials
- [Dump VNC](https://www.netexec.wiki/smb-protocol/obtaining-credentials/dump-vnc.md): Dump VNC password from RealVNC or TightVNC
- [Dump mRemoteNG](https://www.netexec.wiki/smb-protocol/obtaining-credentials/dump-mremoteng.md): Dump mRemoteNG stored credentials
- [Dump Notepad](https://www.netexec.wiki/smb-protocol/obtaining-credentials/dump-notepad.md): Dump unsaved Notepad documents
- [Dump Notepad++](https://www.netexec.wiki/smb-protocol/obtaining-credentials/dump-notepad++.md): Dump Notepad++ unsaved documents
- [Dump Remote Desktop Credential Manager](https://www.netexec.wiki/smb-protocol/obtaining-credentials/dump-rdcman.md): Dump Remote Desktop Connection Manager credentials
- [Dump Event Log Creds(4688)](https://www.netexec.wiki/smb-protocol/obtaining-credentials/eventlog-creds.md)
- [Defeating LAPS](https://www.netexec.wiki/smb-protocol/defeating-laps.md): NetExec vs LAPS
- [Checking for Spooler & WebDav](https://www.netexec.wiki/smb-protocol/spooler-webdav-running.md)
- [Steal Microsoft Teams Cookies](https://www.netexec.wiki/smb-protocol/steal-microsoft-teams-cookies.md)
- [Impersonate logged-on Users](https://www.netexec.wiki/smb-protocol/impersonate-logged-on-users.md): Use Sessions from logged-on Users to execute arbitrary commands using schtask\_as
- [Change User Password](https://www.netexec.wiki/smb-protocol/change-user-password.md)
- [Modify Group](https://www.netexec.wiki/smb-protocol/modify-group.md)
- [Dump User Local Security Questions](https://www.netexec.wiki/smb-protocol/dump-user-local-security-questions.md)
