@nullsession0x said:
Spoiler Removed - Arrexel
right place, look harder 
Iāve found creds and decrypted password, what tool would I need to use to get a shell on the box? Iāve tried smbclient and pth-winexe to no avail
@nullsession0x said:
Iāve found creds and decrypted password, what tool would I need to use to get a shell on the box? Iāve tried smbclient and pth-winexe to no avail
Maybe you donāt need a shell. Look at the info you have and google it a bit.
This box was patched for ms14-068 meaning that the intended path may not need an āexploitā persay. Its a legit pentesting method, Just think about the principal of the matter. 
Finally got root thanks to JunGLeJuiCeās tip. If anyone needs hints PM me. It was a fun box indeed learned alot. Windows machines are always tricky and fascinating.
I get what I need to look at for getting root thanks to the hinted here, but Iām struggling to find decent reading material to learn how to perform the steps. Could someone PM me some articles or something to help me better understand?
I spent hours and my brain is washed. I was just trying my first box. Is it related to SMB? Thanks.
Got rootā¦ would say that very good hints are already provided here for both user and priv esc .
@Moliata said:
I spent hours and my brain is washed. I was just trying my first box. Is it related to SMB? Thanks.
This is not a good first box unless you already know AD, and have experience in mixed AD-Linux environments.
Got root) if someone needs a hint pm me
Got root, very interesting machine, as people has said is very real and the fact that is on Windows makes it better, thanks to @n01n02H for all the help. Pm if you need any hint!
I confirm @Blastware comment, got Domain Admin by this way during a pentest on my office.
I donāt understand why my enum is not working. I talked to another person and their s**client was working fine but I keep getting connection reset all the timeā¦
Try using GitHub - m8sec/nullinux: Internal penetration testing tool for Linux that can be used to enumerate OS information, domain information, shares, directories, and users through SMB. instead of enum4linux
In reply to @mercwri:
Which box do you recommend to start with?
Any one able to give me any hints on getting root flag.
Also I donāt know why people remove my comments as spoilers! Itās about helping people
canāt manage how to use john to do the job
@Moliata said:
In reply to @mercwri:
Which box do you recommend to start with?
Perhaps for a start you should have a glance at Jerryās. Itās also recommended to work with the retired machines as good write-upās and videos are out directly on the machinesās profile site or may ask aunt Google. You can learn a lot from these.
Cracking at 407.1 kH/s - Does anyone wanna give me a hand in regards to what wordlist
Great box, really enjoyed it. Lots learn. I disagree with people saying all you need is Kali! There are tools out there that you will need to download to enable you to complete this. The tools I used were;
Nullinux - GitHub - m8sec/nullinux: Internal penetration testing tool for Linux that can be used to enumerate OS information, domain information, shares, directories, and users through SMB.
CME (CrackMapExec) - GitHub - Porchetta-Industries/CrackMapExec: A swiss army knife for pentesting networks
ImPacket - GitHub - fortra/impacket: Impacket is a collection of Python classes for working with network protocols.
Enjoy