netexec
smb
initial enumeration
null authentication
guest authentication
list shares
list usernames
local authentication
using kerberos
password spray
all in one
spider_plus module
dump a specific file
dump lsa secrets
group policy preferences
dump laps v1 and v2 password
dump dpapi credentials
dump ntds.dit
webdav - checks whether the webclient service is running on the target
slinky - creates windows shortcuts with the icon attribute containing a UNC path to the specified SMB server in all shares with write permissions
ntdsutil - dump ntds with ntdsutil
dump lsass
retrieve msol account password
ftp
list folders and files
list files inside a folder
retrieve a specific file
ldap
enumerate users using ldap
all in one
kerberoast
asreproast
gmsa
check the machine account quota
adcs enumeration
bloodhound
mssql
execute commands using xp_cmdshell
-X for powershell and -x for cmd
get a file
source: https://github.com/seriotonctf/cme-nxc-cheat-sheet