The most likely vulnerability that the attacker might have exploited is file system permissions.
Further explanation:
This hack is most likely a case of improper file system permissions. The attacker took advantage of this vulnerability and was able to read, right, and execute the content that was inside the FTP server. The network admin had most likely not configured the FTP server well enough and had incorrect file system permissions lying around which led to the anonymous user accessing restricted files and directories and modifying them.
Even worse is the fact that the anonymous user account was able to breach and maintain persistence. If the ps command shows that the nc file is running as process, and the netstat command shows the nc process is listening on a network port, then this means that the anonymous user is most likely still inside and is listening and waiting for an admin to log in so that he is able to establish a shell session.
Somehow, the Linux FTP server has allowed people to upload files and this can open doors to malicious attacks. If the anonymous user account has Read, write, modify, execute, list folder contents, traverse folder, list folder, read attributes, and many more file permissions, he will be able to modify the content that is inside the FTP server in many undesirable ways.
Learn more about security vulnerabilities in Information security.
https://brainly.com/question/11212666
https://brainly.com/question/2211853
https://brainly.com/question/13677934
#LearnWithBrainly
