Using a fast directory discovery tool called GoBuster you will locate a directory that you can use to upload a shell to.
To install,
sudo apt-get install gobuster
GoBuster is a tool used to brute-force URIs (directories and files), DNS subdomains and virtual host names. For this machine, we will focus on using it to brute-force directories.
Now lets run GoBuster with a wordlist: gobuster dir -u http://<ip>:3333 -w <word list location>
| GoBuster flag | Description |
| -e | Print the full URLs in your console |
| -u | The target URL |
| -w | Path to your wordlist |
| -U and -P | Username and Password for Basic Auth |
| -p <x> | Proxy to use for requests |
| -c <http cookies> | Specify a cookie for simulating your auth |
