# SMB protocol - [Generate hosts file](https://www.netexec.wiki/smb-protocol/generate-hosts-file.md) - [Generate krb5.conf file](https://www.netexec.wiki/smb-protocol/generate-krb5.conf-file.md) - [Generate TGT](https://www.netexec.wiki/smb-protocol/generate-tgt.md) - [Scan for Vulnerabilities](https://www.netexec.wiki/smb-protocol/scan-for-vulnerabilities.md): Check if host is vulnerable - [Enumeration](https://www.netexec.wiki/smb-protocol/enumeration.md): Enumeration on NetExec - [Enumerate Hosts](https://www.netexec.wiki/smb-protocol/enumeration/enumerate-hosts.md) - [Enumerate Null Sessions](https://www.netexec.wiki/smb-protocol/enumeration/enumerate-null-sessions.md) - [Enumerate Guest Logon](https://www.netexec.wiki/smb-protocol/enumeration/enumerate-guest-logon.md) - [Enumerate Hosts with SMB Signing Not Required](https://www.netexec.wiki/smb-protocol/enumeration/smb-signing-not-required.md) - [Enumerate Active Windows Sessions](https://www.netexec.wiki/smb-protocol/enumeration/enumerate-active-windows-sessions.md) - [Enumerate Logged-On Users with the Remote Registry Service](https://www.netexec.wiki/smb-protocol/enumeration/enumerate-logged-on-users-winreg.md) - [Enumerate Logged-On Users with the Workstation Service](https://www.netexec.wiki/smb-protocol/enumeration/enumerate-logged-on-users-wkssvc.md) - [Enumerate Shares and Access](https://www.netexec.wiki/smb-protocol/enumeration/enumerate-shares-and-access.md) - [Enumerate Network Interfaces](https://www.netexec.wiki/smb-protocol/enumeration/enumerate-network-interfaces.md) - [Enumerate NTLMv1](https://www.netexec.wiki/smb-protocol/enumeration/enumerate-ntlmv1.md) - [Enumerate Disks](https://www.netexec.wiki/smb-protocol/enumeration/enumerate-disks.md) - [Enumerate Bitlocker](https://www.netexec.wiki/smb-protocol/enumeration/enumerate-bitlocker.md) - [Enumerate Domain Users](https://www.netexec.wiki/smb-protocol/enumeration/enumerate-domain-users.md) - [Enumerate Users by Bruteforcing RID](https://www.netexec.wiki/smb-protocol/enumeration/enumerate-users-by-bruteforcing-rid.md) - [Enumerate Domain Groups](https://www.netexec.wiki/smb-protocol/enumeration/enumerate-domain-groups.md) - [Enumerate Local Groups](https://www.netexec.wiki/smb-protocol/enumeration/enumerate-local-groups.md) - [Enumerate Domain Password Policy](https://www.netexec.wiki/smb-protocol/enumeration/enumerate-domain-password-policy-1.md) - [Enumerate Anti-Virus & EDR](https://www.netexec.wiki/smb-protocol/enumeration/enumerate-antivirus-edr.md): Enumerate antivirus installed using NetExec - [Enumerate remote processes](https://www.netexec.wiki/smb-protocol/enumeration/enumerate-remote-processes.md) - [Enumerate changed lockscreen executables](https://www.netexec.wiki/smb-protocol/enumeration/enumerate-lockscreen-backdoors.md): Detect Windows lock screen backdoors by checking FileDescriptions of accessibility binaries. - [Enumerate Primary Site Server and Distribution Point via recon6](https://www.netexec.wiki/smb-protocol/enumeration/enumerate-sccm-primarysiteserver-and-distributionpoint.md) - [Password Spraying](https://www.netexec.wiki/smb-protocol/password-spraying.md): Using NetExec for password spraying - [Authentication](https://www.netexec.wiki/smb-protocol/authentication.md): Authentication on NetExec - [Checking Credentials (Domain)](https://www.netexec.wiki/smb-protocol/authentication/checking-credentials-domain.md) - [Checking Credentials (Local)](https://www.netexec.wiki/smb-protocol/authentication/checking-credentials-local.md) - [Delegation](https://www.netexec.wiki/smb-protocol/authentication/delegation.md): Resource Based Constrained Delegation (RBCD) and - [Command Execution](https://www.netexec.wiki/smb-protocol/command-execution.md): Command execution on NetExec - [Executing Remote Commands](https://www.netexec.wiki/smb-protocol/command-execution/execute-remote-command.md) - [Process Injection (pi module)](https://www.netexec.wiki/smb-protocol/command-execution/execute-remote-command/process-injection-pi-module.md) - [Getting Shells 101](https://www.netexec.wiki/smb-protocol/command-execution/getting-shells-101.md) - [Spidering Shares](https://www.netexec.wiki/smb-protocol/spidering-shares.md): Spidering shares with NetExec - [Get and Put Files](https://www.netexec.wiki/smb-protocol/get-and-put-files.md): Get a remote file or send a remote file using NetExec - [Obtaining Credentials](https://www.netexec.wiki/smb-protocol/obtaining-credentials.md) - [Dump SAM](https://www.netexec.wiki/smb-protocol/obtaining-credentials/dump-sam.md) - [Dump LSA](https://www.netexec.wiki/smb-protocol/obtaining-credentials/dump-lsa.md) - [Dump NTDS.dit](https://www.netexec.wiki/smb-protocol/obtaining-credentials/dump-ntds.dit.md) - [Dump LSASS](https://www.netexec.wiki/smb-protocol/obtaining-credentials/dump-lsass.md) - [Dump DPAPI](https://www.netexec.wiki/smb-protocol/obtaining-credentials/dump-dpapi.md): Dump DPAPI credentials using NetExec - [Dump with BackupOperator Priv](https://www.netexec.wiki/smb-protocol/obtaining-credentials/dump-backupop.md) - [Dump SCCM](https://www.netexec.wiki/smb-protocol/obtaining-credentials/dump-sccm.md) - [Dump Token Broker Cache](https://www.netexec.wiki/smb-protocol/obtaining-credentials/dump-token-broker-cache.md): Dump access token for Azure and Microsoft 365 from Token Broker Cache. - [Dump WIFI password](https://www.netexec.wiki/smb-protocol/obtaining-credentials/dump-wifi-password.md) - [Dump KeePass](https://www.netexec.wiki/smb-protocol/obtaining-credentials/dump-keepass.md) - [Dump Veeam](https://www.netexec.wiki/smb-protocol/obtaining-credentials/dump-veeam.md): Dump passwords used by Veeam for backup jobs - [Dump WinSCP](https://www.netexec.wiki/smb-protocol/obtaining-credentials/dump-winscp.md): Dump WinSCP Credentials stored in the registry or local files - [Dump PuTTY](https://www.netexec.wiki/smb-protocol/obtaining-credentials/dump-putty.md): Dump private Keys stored for authentication or stored proxy credentials - [Dump VNC](https://www.netexec.wiki/smb-protocol/obtaining-credentials/dump-vnc.md): Dump VNC password from RealVNC or TightVNC - [Dump mRemoteNG](https://www.netexec.wiki/smb-protocol/obtaining-credentials/dump-mremoteng.md): Dump mRemoteNG stored credentials - [Dump Notepad](https://www.netexec.wiki/smb-protocol/obtaining-credentials/dump-notepad.md): Dump unsaved Notepad documents - [Dump Notepad++](https://www.netexec.wiki/smb-protocol/obtaining-credentials/dump-notepad++.md): Dump Notepad++ unsaved documents - [Dump Remote Desktop Credential Manager](https://www.netexec.wiki/smb-protocol/obtaining-credentials/dump-rdcman.md): Dump Remote Desktop Connection Manager credentials - [Dump Event Log Creds(4688)](https://www.netexec.wiki/smb-protocol/obtaining-credentials/eventlog-creds.md) - [Defeating LAPS](https://www.netexec.wiki/smb-protocol/defeating-laps.md): NetExec vs LAPS - [Checking for Spooler & WebDav](https://www.netexec.wiki/smb-protocol/spooler-webdav-running.md) - [Steal Microsoft Teams Cookies](https://www.netexec.wiki/smb-protocol/steal-microsoft-teams-cookies.md) - [Impersonate logged-on Users](https://www.netexec.wiki/smb-protocol/impersonate-logged-on-users.md): Use Sessions from logged-on Users to execute arbitrary commands using schtask\_as - [Change User Password](https://www.netexec.wiki/smb-protocol/change-user-password.md) - [Modify Group](https://www.netexec.wiki/smb-protocol/modify-group.md) - [Dump User Local Security Questions](https://www.netexec.wiki/smb-protocol/dump-user-local-security-questions.md) --- # Agent Instructions: Querying This Documentation If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question. Perform an HTTP GET request on the current page URL with the `ask` query parameter: ``` GET https://www.netexec.wiki/smb-protocol.md?ask= ``` The question should be specific, self-contained, and written in natural language. The response will contain a direct answer to the question and relevant excerpts and sources from the documentation. Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.