-Xyou have to run CME as sudo since the port 445 was needed. This was an old feature that is now deprecated.
--laps. If you have compromised an account that can read LAPS password, you can now use this account and target every computer you want on the network, CME will automatically use this account to get the LAPS password of the computer targeted :)
It allows attackers to elicit authentications made over HTTP instead of SMB, hence heightening NTLM relay capabilities.
crackmapexec smb <ip> -u '' -p '' -M ms17-010(not tested outside HTB) @ ywolf
ioxidresolverwill helps you to identify hosts that have additional active interfaces, which usually means, virtual machines, VPNs, connected wireless, docker, etc. Really usefull on internal pentest sometimes to target the right server directly and avoid losing time !