Here are some helpful nmap scans for SQL, SMTP, SMB, and FTP. These can give you ideas by helping to enumerate the target system. Just replace the 192.0.2.0/24 with the target address or range. If a single host is targeted, the option –open can be removed.
SQL
nmap -sV -Pn -vv –script=mysql-audit,mysql-databases,mysql-dump-hashes,mysql-empty-password,mysql-enum,mysql-info,mysql-query,mysql-users,mysql-variables,mysql-vuln-cve2012-2122 192.0.2.0/24 -p 3306 –open
SMTP
nmap –script=smtp-commands,smtp-enum-users,smtp-vuln-cve2010-4344,smtp-vuln-cve2011-1720,smtp-vuln-cve2011-1764 -p 25 192.0.2.0/24 –open
SMB
nmap -p 139,445 –script smb-v* –script-args=unsafe=1 192.0.2.0/24 –open
FTP
nmap –script=ftp-anon,ftp-bounce,ftp-libopie,ftp-proftpd-backdoor,ftp-vsftpd-backdoor,ftp-vuln-cve2010-4221,tftp-enum -p 21 192.0.2.0/24 –open