SSH
Nmap discovered a SSH server running on the target port 22
I was initially unable to do anything with it as I did not have any valid credential.
Now that I have extracted a few credentials, I will attempt to gain a foothold on the target system via SSH
┌──(kali㉿kali)-[~/archive/htb/labs/bastion]
└─$ sshpass -p 'bureaulampje' ssh l4mpje@$IP
Microsoft Windows [Version 10.0.14393]
(c) 2016 Microsoft Corporation. All rights reserved.
l4mpje@bastion c:\Users\L4mpje> whoami
bastion\l4mpje
l4mpje@bastion c:\Users\L4mpje> hostname
Bastion
l4mpje@bastion c:\Users\L4mpje> ipconfig
Windows IP Configuration
ethernet adapter ethernet0:
connection-specific dns suffix . : htb
ipv6 address. . . . . . . . . . . : dead:beef::201
ipv6 address. . . . . . . . . . . : dead:beef::25e3:a1fe:1ad9:366b
link-local ipv6 address . . . . . : fe80::25e3:a1fe:1ad9:366b%4
ipv4 address. . . . . . . . . . . : 10.10.10.134
subnet mask . . . . . . . . . . . : 255.255.255.0
default gateway . . . . . . . . . : fe80::250:56ff:feb9:6c92%4
10.10.10.2
tunnel adapter isatap.{8253841c-588d-4e94-b23a-993bb2e4b4d9}:
media state . . . . . . . . . . . : Media disconnected
connection-specific dns suffix . : htb Initial Foothold established to the target system as l4mpje via SSH