FTP
Nmap has enumerated that the target system is hosting a FTP server on port 21
┌──(kali㉿kali)-[~/archive/htb/labs/devel]
└─$ ftp $IP
Connected to 10.10.10.5.
220 Microsoft FTP Service
name (10.10.10.5:kali): anonymous
331 Anonymous access allowed, send identity (e-mail name) as password.
password: anonymous
230 User logged in.The target FTP server allows anonymous-login
ftp> ls
229 Entering Extended Passive Mode (|||49158|)
125 Data connection already open; Transfer starting.
03-18-17 02:06AM <DIR> aspnet_client
03-17-17 05:37PM 689 iisstart.htm
03-17-17 05:37PM 184946 welcome.png
226 Transfer complete.This looks just like the web root directory for the default Windows IIS installation It is possible that the FTP is serving the web server for ease of access for development purpose
I can test it out
File Upload
┌──(kali㉿kali)-[~/archive/htb/labs/devel]
└─$ echo 'monki eats a banana' > test.txtI first created a test file with some content in it
┌──(kali㉿kali)-[~/archive/htb/labs/devel]
└─$ ftp $IP
Connected to 10.10.10.5.
220 Microsoft FTP Service
Name (10.10.10.5:kali): anonymous
331 Anonymous access allowed, send identity (e-mail name) as password.
Password: anonymous
230 User logged in.
ftp> put test.txt
local: test.txt remote: test.txt
229 Entering Extended Passive Mode (|||49158|)
125 Data connection already open; Transfer starting.
100% |*******************************************************************************************| 21 325.52 KiB/s --:-- ETA
226 Transfer complete.
21 bytes sent in 00:00 (0.53 KiB/s)The test.txt file should be accessible from the web server now if my theory is correct