From nmap, we can see it runs samba with Windows XP. If we scan it with vuln script in nmap, ms08-067, will appear.

Use exploit/windows/smb/ms08_067_netapi in msf, and we can have a shell with NT AUTHORITY\SYSTEM.