# SMB protocol - [Generate hosts file](/smb-protocol/generate-hosts-file.md) - [Generate krb5.conf file](/smb-protocol/generate-krb5.conf-file.md) - [Generate TGT](/smb-protocol/generate-tgt.md) - [Scan for Vulnerabilities](/smb-protocol/scan-for-vulnerabilities.md): Check if host is vulnerable - [Enumeration](/smb-protocol/enumeration.md): Enumeration on NetExec - [Enumerate Hosts](/smb-protocol/enumeration/enumerate-hosts.md) - [Enumerate Null Sessions](/smb-protocol/enumeration/enumerate-null-sessions.md) - [Enumerate Guest Logon](/smb-protocol/enumeration/enumerate-guest-logon.md) - [Enumerate Hosts with SMB Signing Not Required](/smb-protocol/enumeration/smb-signing-not-required.md) - [Enumerate Active Windows Sessions](/smb-protocol/enumeration/enumerate-active-windows-sessions.md) - [Enumerate Logged-On Users with the Remote Registry Service](/smb-protocol/enumeration/enumerate-logged-on-users-winreg.md) - [Enumerate Logged-On Users with the Workstation Service](/smb-protocol/enumeration/enumerate-logged-on-users-wkssvc.md) - [Enumerate Shares and Access](/smb-protocol/enumeration/enumerate-shares-and-access.md) - [Enumerate Network Interfaces](/smb-protocol/enumeration/enumerate-network-interfaces.md) - [Enumerate NTLMv1](/smb-protocol/enumeration/enumerate-ntlmv1.md) - [Enumerate Disks](/smb-protocol/enumeration/enumerate-disks.md) - [Enumerate Bitlocker](/smb-protocol/enumeration/enumerate-bitlocker.md) - [Enumerate Domain Users](/smb-protocol/enumeration/enumerate-domain-users.md) - [Enumerate Users by Bruteforcing RID](/smb-protocol/enumeration/enumerate-users-by-bruteforcing-rid.md) - [Enumerate Domain Groups](/smb-protocol/enumeration/enumerate-domain-groups.md) - [Enumerate Local Groups](/smb-protocol/enumeration/enumerate-local-groups.md) - [Enumerate Domain Password Policy](/smb-protocol/enumeration/enumerate-domain-password-policy-1.md) - [Enumerate Anti-Virus & EDR](/smb-protocol/enumeration/enumerate-antivirus-edr.md): Enumerate antivirus installed using NetExec - [Enumerate remote processes](/smb-protocol/enumeration/enumerate-remote-processes.md) - [Enumerate changed lockscreen executables](/smb-protocol/enumeration/enumerate-lockscreen-backdoors.md): Detect Windows lock screen backdoors by checking FileDescriptions of accessibility binaries. - [Enumerate Primary Site Server and Distribution Point via recon6](/smb-protocol/enumeration/enumerate-sccm-primarysiteserver-and-distributionpoint.md) - [Password Spraying](/smb-protocol/password-spraying.md): Using NetExec for password spraying - [Authentication](/smb-protocol/authentication.md): Authentication on NetExec - [Checking Credentials (Domain)](/smb-protocol/authentication/checking-credentials-domain.md) - [Checking Credentials (Local)](/smb-protocol/authentication/checking-credentials-local.md) - [Delegation](/smb-protocol/authentication/delegation.md): Resource Based Constrained Delegation (RBCD) and - [Command Execution](/smb-protocol/command-execution.md): Command execution on NetExec - [Executing Remote Commands](/smb-protocol/command-execution/execute-remote-command.md) - [Process Injection (pi module)](/smb-protocol/command-execution/execute-remote-command/process-injection-pi-module.md) - [Getting Shells 101](/smb-protocol/command-execution/getting-shells-101.md) - [Spidering Shares](/smb-protocol/spidering-shares.md): Spidering shares with NetExec - [Get and Put Files](/smb-protocol/get-and-put-files.md): Get a remote file or send a remote file using NetExec - [Obtaining Credentials](/smb-protocol/obtaining-credentials.md) - [Dump SAM](/smb-protocol/obtaining-credentials/dump-sam.md) - [Dump LSA](/smb-protocol/obtaining-credentials/dump-lsa.md) - [Dump NTDS.dit](/smb-protocol/obtaining-credentials/dump-ntds.dit.md) - [Dump LSASS](/smb-protocol/obtaining-credentials/dump-lsass.md) - [Dump DPAPI](/smb-protocol/obtaining-credentials/dump-dpapi.md): Dump DPAPI credentials using NetExec - [Dump with BackupOperator Priv](/smb-protocol/obtaining-credentials/dump-backupop.md) - [Dump SCCM](/smb-protocol/obtaining-credentials/dump-sccm.md) - [Dump Token Broker Cache](/smb-protocol/obtaining-credentials/dump-token-broker-cache.md): Dump access token for Azure and Microsoft 365 from Token Broker Cache. - [Dump WIFI password](/smb-protocol/obtaining-credentials/dump-wifi-password.md) - [Dump KeePass](/smb-protocol/obtaining-credentials/dump-keepass.md) - [Dump Veeam](/smb-protocol/obtaining-credentials/dump-veeam.md): Dump passwords used by Veeam for backup jobs - [Dump WinSCP](/smb-protocol/obtaining-credentials/dump-winscp.md): Dump WinSCP Credentials stored in the registry or local files - [Dump PuTTY](/smb-protocol/obtaining-credentials/dump-putty.md): Dump private Keys stored for authentication or stored proxy credentials - [Dump VNC](/smb-protocol/obtaining-credentials/dump-vnc.md): Dump VNC password from RealVNC or TightVNC - [Dump mRemoteNG](/smb-protocol/obtaining-credentials/dump-mremoteng.md): Dump mRemoteNG stored credentials - [Dump Notepad](/smb-protocol/obtaining-credentials/dump-notepad.md): Dump unsaved Notepad documents - [Dump Notepad++](/smb-protocol/obtaining-credentials/dump-notepad++.md): Dump Notepad++ unsaved documents - [Dump Remote Desktop Credential Manager](/smb-protocol/obtaining-credentials/dump-rdcman.md): Dump Remote Desktop Connection Manager credentials - [Dump Event Log Creds(4688)](/smb-protocol/obtaining-credentials/eventlog-creds.md) - [Defeating LAPS](/smb-protocol/defeating-laps.md): NetExec vs LAPS - [Checking for Spooler & WebDav](/smb-protocol/spooler-webdav-running.md) - [Steal Microsoft Teams Cookies](/smb-protocol/steal-microsoft-teams-cookies.md) - [Impersonate logged-on Users](/smb-protocol/impersonate-logged-on-users.md): Use Sessions from logged-on Users to execute arbitrary commands using schtask\_as - [Change User Password](/smb-protocol/change-user-password.md) - [Dump User Local Security Questions](/smb-protocol/dump-user-local-security-questions.md)