$PATH environment variable:bash_history:grep for something uniquely associated with URLs, then cut out extraneous information:href= which identifies hyperlinks in HTML. We can filter more precisely by looking for recurring characters that help us divide the data into smaller chunks. The command cut -d "/" chunks the data and separates it by /. The -f 3 option tells us to filter out the 3rd chunk (field) of data.sort -u:host command on every domain in a text file:host to find successful lookups:has address, filtering out the URL by using spaces as the delimiter and then removing duplicates with sort.>:>>:|:cmd.exe:home/user/.ssh/id_rsa) you can paste the keyfile contents into a text file on your local machine, set the right permissions with chmod 600 and ssh in with it.127.0.0.1 or localhost). To access this local-only service from your remote machine, you'll need to instruct SSH to forward connections from your machine's local port 5901 to the server's loopback interface + listening port for VNC: 127.0.0.1:5901.5901 to 127.0.0.1:5901 on the remote host. Because of this tunnel, the second command lets you connect VNC service as if you were on the same server.localhost on port 5432.9000 to localhost:5432 on the remote server:authorized_keys file. Using the string in that file, go into the corresponding folder of weak keys (DSA or RSA, choose the right one!) and grep for the public key:chmod 700 so that you can use it with ssh. It's very likely you'll need to update your local ssh config file /home/user/ssh/ssh_config with some ancient stuff to connect successfully, like this:-vvv debug parameter to your SSH command and google the error messages. There is also a good walkthrough of the whole process with a downloadable Vulnhub machine for practice.