Start with a NMap Scan.
Because anonymous access is enabled on the FTP service we could check out what we can find there. Connecting to FTP we have the possibility of downloading two files. One contains something that looks like a password list and the other some notes.
We might have a username. Let’s try to bruteforce ssh using what we consider to be the password list.
It seems we have gained foothold to the target system. Login and start enumerating the system.
Using GTFOBins we can do the privilege escalation.