From nmap, we can see it runs samba with Windows 7. If we scan it with vuln script in nmap, ms17-010, a.k.a. EternalBlue, will appear.

Local Picture

Local Picture

Use exploit/windows/smb/ms17_010_eternalblue in msf, and we can have a shell with NT AUTHORITY\SYSTEM.

Local Picture

Local Picture

Local Picture

Local Picture