From nmap, we can see that it runs ftp with anonymous login and samba.

When we connect to ftp, we see nothing. We see nothing with enum4linux as well.

Use searchsploit with samba 3.0.20, we can see that there could be a potential RCE.

With exploit/multi/samba/usermap_script in msf, we can get a shell with user root.