Without giving too much away, the expected solution path looks something like this:
-Use nmap with a vulnerability scan to identify a vulnerable service running on target01.
-Use metasploit to locate a module related to the vulnerable service, then run that module against the vulnerable service to compromise target01.
-After running the exploit module, you should get root access to the target01, which will allow you to obtain the first flag.
-You should also find another user account. Some exploration of this account should reveal additional information that you can use to employ a nested tunnel strategy to access target02.
If you’re having trouble with the Challenge - it is admittedly a bit more complex than some of the others in the Penetration Tester Practice section - I would recommend moving on to a different one.
I’ll clarify this in the instructions, but “key” is intended to be a placeholder for an actual RSA private key (or the file containing the key) - not the word “key”.
You can get access to the private key by exploring the second user account discovered on target01. You will then need to extract the key to the kali machine.