This is my walkthrough on Lame

Initial Scan

sudo nmap -T4 -v 10.129.111.164 -oA Lame
sudo nmap -T4 -p 21,22,139,445 -sV -v 10.129.111.164 -oA Lame

FTP

Anonymous Login is enabled, we might be ableto do something with that.

SMB

Only have access to the tmp directory.

MSFconsole

Check around for SMB version vulnerabilities we find a Rapid7 Document

User Flag: a6a83ea02ff14ca4aa497dad8c2f775

Root Flag: 162680cf1f47cde0affaecd104a59588