for the kioptrix1 VM hosted on Vulnhub from Kioptrix.

First off, nmap found the following ports open:

A lot of these I don’t use for this walkthrough, so as always I’ll save time by showing the straight line path I took.

smbclient doesn’t allow access to the drives enum4linux finds, but it does tells us that the version of samba is 2.2.1a, I google this and find an exploit: https://www.exploit-db.com/exploits/10/

So I compile this and run it as below:

Which gives me root access. I find a message from the author in /var/spool/mail/root: