Just rooted this box - This was a great box to learn on, and learned how to use some great tools. There’s enough hints on this thread to get you going but if anybody needs a little push PM me.
Root:: very , very nice box !!!
Got root. This box was pure ■■■■ for me, since I know very little about windows. I’ve discovered a lot and I’m very happy!
Nice 
Great machine! You really have to have the right versions of j*** or ht to proceed. Lost two days when my ht box died.
finally rooted… thanks for the creater. learn lots of new things. feel free to PM for hints
Besides looking at the obvious share, is the path to user in that share or is it something else or dependent on a specific tool?
Update – Okay, I’m a dumbass, it’s in there…
Awesome box, nothing out of this forum will u need to solve this box.
Thx, great box. All you need is all you have, yet.
Nice box, but struggle with the privesc part.
- I’ve got user
- Got some hash to crack
- Cracking it in the latest version of h*****t will however give a Token length exception
update: looks like a bug in h*****t, an older version does the trick
AWESOME BOX! Gotcha ! for those who wanna get shell just use: without quotes
’ psexec.py domainname/user@machinename cmd ’ (It needs admin credential) or who do not wanna crack the hash you’ve found just pass the hash . Thanks creator of the box I’ve just learned new knowledge and thanks @stahaa for your helpfulness.
I have the initial creds have read a lot about the service and the documented *****roasting attack … but how do I connect to the box?? I have no experience with AD systems.
I have an idea what the service is and what to do but i dont know how to connect or even interact with the service. Can someone please pm and Nudge me in the right direction?
pm me if anyone need help
Rooted 
Quite a step up after Jerry. Learned a lot.
So i got the what i need for root but i cant find any way to crack it! Tried the cat and the ripper both are giving me all sorts of errors … Any kind soul can help out?
Rooted!! Pain in the ■■■ but worth cracking root hash was a problem as the cat and the ripper had a lot of problems… Very Straightforward and simple box I just wasnt smart enough 
Tim Medin is your go to guy 
stuck on getting root. cracking the hash isn’t working and i’m getting nowhere with impacket. any hints through DM?
I got the user but stuck on root. Help?!?
Great box, just completed it. You can solve almost the entirely of the box with just impacket toolkit.
This box is something that I would see at work 
to the creators
I am stuck at initial PrivEsc. I managed to login into the box using “SmClit" without any creds, and I manage to get into two "shas". One is "Repcatn" (in which I found several folders but no files) and the second one is "IP*” which does not let me even “dir” into it (I get access denied). Nullinux and enum4linux (that were previously mentioned here, so no spoiler) ended up with a bunch of failures, and none of the metasploit auxilieries/exploits worked. Am Iooking in the wrong place ?
Got root flag. A quick pointer for people to avoid encountering the same issue I was:
If you’re running a virtual machine, make sure you crack hashes on your host system rather than your virtual box so your GPU is used. DON’T use the ‘–force’ flag for hashcat on your VM - it can output incorrect passwords.