Personally, I would approach it one of two ways:
- Bruteforce the FTP server for a username / password
- Find an exploit for the CUPS 1.1 service (A google search for "CUPS 1.1 vulnerability" turned up quite a few results.)
Also, I generally like to stay away from "noisy" methods. Thus, I would pick the 2nd method.