From the nmap scan, we can see that the host runs FTP with anonymous login enabled and Samba.

When we connect to FTP, we see nothing. enum4linux shows nothing either.

Running searchsploit for Samba 3.0.20, we can see that there could be a potential RCE.

With exploit/multi/samba/usermap_script in msf, we get a shell as the root user.
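
The usermap_script module only works against servers whose smb.conf sets the non-default `username map script` option, so a defender can check for that directive directly. The following is an added example, not part of the original write-up: the sample smb.conf is constructed, and the function names `parse_smb_conf` and `find_username_map_script` are hypothetical.

```python
import re

# Constructed sample smb.conf for illustration (not from the target host).
SAMPLE_SMB_CONF = """\
[global]
   workgroup = WORKGROUP
   server string = %h server
   ; username map script = /bin/true
   User Name  Map Script = /etc/samba/scripts/mapusers.sh

[tmp]
   path = /tmp
   guest ok = yes
"""

def parse_smb_conf(text):
    """Yield (section, key, value, line_no) for every active setting."""
    section, pending, start = None, "", 0
    for no, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not pending:
            if not line or line[0] in "#;":   # blank line or comment
                continue
            start = no
        if line.endswith("\\"):               # value continues on next line
            pending += line[:-1]
            continue
        line, pending = pending + line, ""
        header = re.fullmatch(r"\[(.+)\]", line)
        if header:
            section = header.group(1).strip().lower()
        elif "=" in line:
            key, value = line.split("=", 1)
            # Samba ignores case and whitespace in parameter names.
            yield section, re.sub(r"\s+", "", key).lower(), value.strip(), start

def find_username_map_script(text):
    """Return [(line_no, section, value)] where the option is set."""
    return [(no, section, value)
            for section, key, value, no in parse_smb_conf(text)
            if key == "usernamemapscript" and value]

if __name__ == "__main__":
    for no, section, value in find_username_map_script(SAMPLE_SMB_CONF):
        print(f"line {no} [{section}]: username map script = {value}")
```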
