Before moving forward, you should have (at least) performed the following steps:
- Information Gathering: to gain as much knowledge as possible about the target, maximizing your chances of success.
- Port Scanning: to enumerate open ports, os version and running services versions.
- Looking for Known Exploits: by googling, searching in metasploit, exploit-db, and other vulnerability databases.
- Attempting to Login: by using the service's default credentials.