In this walkthrough, we gain access to the target in two different ways. We attempt to exploit a vulnerable version of vsftp (2.3.4) that would allow an attacker to gain access to the target via a backdoor. This ends up being a red herring, so we continue to trying to exploit Samba 3.0.20. We successfully exploit the target and gain root access. We then take a step back and exploit the target via the distcc service. This time we pop a shell as a lower level user and proceed to priv esc via nmap as an SUID binary.