# Enumeration

Running nmap scan on the target machine 

```
nmap -sV -sC -A -p 0-10000 10.129.212.3
```

<figure><img src="https://2022164620-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FtzurpgroDJSMn9AFVmQP%2Fuploads%2F9jpSB4VW3tCRkfArM9Au%2Fimage.png?alt=media&#x26;token=47eed9c0-8ccd-49ff-ba02-38b59f189f2c" alt=""><figcaption></figcaption></figure>

Open ports are 22 and 5000, identified as OpenSSH and Gunicorn

Incase you are wondering what Gunicorn is,

<figure><img src="https://2022164620-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FtzurpgroDJSMn9AFVmQP%2Fuploads%2Fx22HmIdJvv2xE9sRv2VF%2Fimage.png?alt=media&#x26;token=e0d7e9ab-e0ec-407a-9f6f-fb6a0c434c97" alt=""><figcaption></figcaption></figure>

Using the Dirbuster console to get more information on the target URL + Gunicorn

<figure><img src="https://2022164620-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FtzurpgroDJSMn9AFVmQP%2Fuploads%2FAhD9BfkB5Wp3hADDqyQ9%2Fimage.png?alt=media&#x26;token=70b144d7-9540-4da6-9db9-c3b8983850fb" alt=""><figcaption></figcaption></figure>

Used auto switch, increased the threads, also used list based brute force, common.txt list

<figure><img src="https://2022164620-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FtzurpgroDJSMn9AFVmQP%2Fuploads%2Fpjw3e7Knq5ZdtVt40Y0j%2Fimage.png?alt=media&#x26;token=5bd142e1-8e23-4eae-9074-79c0767442eb" alt=""><figcaption></figcaption></figure>

Dirbuster finds /feed and /upload. The upload page allows uploading of XML files