From nmap, we can see it runs samba with Windows 7. If we scan it with vuln script in nmap, ms17-010, a.k.a. EternalBlue, will appear.

From nmap, we can see that it runs ftp with anonymous login and samba.

From nmap, we can see it runs samba with Windows XP. If we scan it with vuln script in nmap, ms08-067, will appear.

Recon

inspector

my sources tell me that the flag might be at wpictf.xyz

Pwn

Admpanel

We found this legacy admin panel. Someone has patched it though :(