So we ran the first scan and we found the ports 80,443,22,111,139
We went to the website and see what's hosted on the open 80,443 ports and there was just a default web page which is odd and if there is no other website behind this default pages its a bad vulnerability.
Information Disclosure - 404 page
Information Disclosure - Server headers disclose what OS and version is the server running
Also Managed to find User Logs which might be a possible risk and is Information Leakage Port 80 is open with Apache 1.3.20(Unix) running
SMB version - Unix (Samba 2.2.1a)
SSH version - OpenSSH 2.9p2
Webalizer Version 2.01 - http://192.168.146.129/usage/usage_200909.html
Exploitation