https://pentestlab.blog/2017/12/13/smb-share-scf-file-attacks/
https://cqureacademy.com/blog/penetration-testing/smb-relay-attack
https://www.secureworks.com/blog/attacking-windows-smb-zero-day-vulnerability
https://pen-testing.sans.org/blog/2013/04/25/smb-relay-demystified-and-ntlmv2-pwnage-with-python
CrackMapExec : https://github.com/byt3bl33d3r/CrackMapExec
You can use CME to spray credentials across a network as well from the command line:Winexe : https://sourceforge.net/projects/winexe/
Smbclient : Besides executing commands, you can RDP (as seen above), or mount SMB shares and download/upload files arbitrarily:
net use : login via SMB
net session : check open connections
net use /delete * : terminate open sessions
Using 'runas' to get Kerberos auth
netonly : authenticate as a domain user, even though we're not on a domain joined machine
net use : open connections with specified credentials
klist : list kerberos tickets