PTS: 22

nmap usual:

21/tcp   open  ftp             vsftpd 3.0.3
| ftp-anon: Anonymous FTP login allowed (FTP code 230)
|_Can't get directory listing: ERROR
| ftp-syst: 
|   STAT: 
| FTP server status:
|      Connected to 172.16.10.206
|      Logged in as ftp
|      TYPE: ASCII
|      No session bandwidth limit
|      Session timeout in seconds is 300
|      Control connection is plain text
|      Data connections will be plain text
|      At session startup, client count was 4
|      vsFTPd 3.0.3 - secure, fast, stable
|_End of status
22/tcp   open  ssh             OpenSSH 7.6 (protocol 2.0)
| ssh-hostkey: 
|   2048 33:dc:72:fb:b7:89:ae:96:e1:ce:9d:f3:14:52:96:ed (RSA)
|   256 cf:f8:6d:e2:bb:41:e7:05:2b:9e:62:ed:1c:c3:c3:c0 (ECDSA)
|_  256 8d:e1:a6:89:91:74:06:1d:f2:2f:f2:40:e5:b1:e6:f5 (ED25519)
9090/tcp open  ssl/zeus-admin?
| fingerprint-strings: 
|   GetRequest, HTTPOptions: 
|     HTTP/1.1 400 Bad request
|     Content-Type: text/html; charset=utf8
|     Transfer-Encoding: chunked
|     X-DNS-Prefetch-Control: off
|     Referrer-Policy: no-referrer
|     <!DOCTYPE html>
|     <html>
|     <head>
|     <title>
|     request
|     </title>
|     <meta http-equiv="Content-Type" content="text/html; charset=utf-8">
|     <meta name="viewport" content="width=device-width, initial-scale=1.0">
|     <style>
|     body {
|     margin: 0;
|     font-family: "Open Sans", Helvetica, Arial, sans-serif;
|     font-size: 12px;
|     line-height: 1.66666667;
|     color: #333333;
|     background-color: #f5f5f5;
|     border: 0;
|     vertical-align: middle;
|     font-weight: 300;
|     margin: 0 0 10px;
|     @font-face {
|     font-family: 'Open Sans';
|_    font-styl
| ssl-cert: Subject: commonName=workstation1/organizationName=3c6b883add9b4f939783f4b83f725461/countryName=US
| Subject Alternative Name: DNS:workstation1, DNS:localhost, IP Address:127.0.0.1
| Issuer: commonName=workstation1/organizationName=3c6b883add9b4f939783f4b83f725461/countryName=US
| Public Key type: rsa
| Public Key bits: 2048
| Signature Algorithm: sha256WithRSAEncryption
| Not valid before: 2020-05-22T07:27:25
| Not valid after:  2030-07-10T00:07:25
| MD5:   b1dd 4044 e605 74a2 6abb 8b9e ef87 0132
|_SHA-1: d0e1 d67c 98d2 92c9 cad2 58ff fc42 1dcf de26 77a5
|_ssl-date: 2020-05-22T10:08:27+00:00; -2m06s from scanner time.

https://orcus.pg:9090/ gets a Fedora Server Edition login page

ftp allows anonymous login, but doesn’t give anything promising:

ftp> dir
200 PORT command successful. Consider using PASV.
150 Here comes the directory listing.
drwxr-xr-x    2 0        0            4096 Mar 08  2018 pub
226 Directory send OK.
ftp> cd pub
250 Directory successfully changed.
ftp> dir
200 PORT command successful. Consider using PASV.
150 Here comes the directory listing.
-rw-r--r--    1 0        0        250759525 Mar 13  2015 spark-1.3.0-bin-hadoop2.3.tgz

no permissions to write to ftp also.