If the target is specifically (often seen in old Ubuntu 16.04 environments like in the Stapler CTF ), the path to exploitation is usually:
As shown in pentesting walkthroughs, users identified in the system (e.g., via ftp enumeration) can be targeted with tools like Hydra to obtain credentials. vsftpd 2.0.8 exploit github
There are various GitHub repositories that contain exploit code for this vulnerability. One example is: If the target is specifically (often seen in old Ubuntu 16
If you are looking at exploit scripts on GitHub for this specific version, they generally feature the following: Core Features of vsftpd 2.0.8 Exploits Remote Denial of Service (DoS): users identified in the system (e.g.