Fastest box I ever went from user to root.
User was harder than root imo
Quite simple and easy, box, I just SUCK at Windows 
Type your comment> @iGotRoot said:
Fastest box I ever went from user to root.
User was harder than root imoQuite simple and easy, box, I just SUCK at Windows
Been on root for a few hours now can I PM?
This was great! Loved the experience! Love to know what someone used to decrypt admin, took me a bit because all of the scripts I tried failed.
Got User yesterday and Root today. Probably my favourite box I’ve done so far!
Hi all, good box, spent a lot of time on it
Thx to @0xNoOne for the decrypting help
Thx to @L4mpje for the box
Still stuck at PrivEsc, not able to decrypt admin pwd, can someone help me with the %.%ml file please
Type your comment> @ferrum2655845 said:
Still stuck at PrivEsc, not able to decrypt admin pwd, can someone help me with the %.%ml file please
Have a look over on Github
Rooted! Pm if you need a nudge in the right direction.
hello everyone:) this is my third machine, i’m having a lot of fun but have problem with user. got user hash from s****mp but it doesn’t work as user flag, can somebody help me?
@raven37 - you need to access another service with the decrypted password for the user then get user.txt contents from desktop.
Fun box, not sure any need for a WIndows machine on this - managed to do it all from Kali easily.
Finally got root! 100% Kali. Agree with others that this was excellent Windows learning exp.
User: Got hung up on the fact that my process was using ec2-user (AWS kali instance); need to be root on Kali when doing the thing where you don’t have to use a Windows VM. Also, can’t say I knew much about Windows cred storage until this box. A little embarassing.
Root: Thanks @0xNoOne for handy script. Had to read through this forum a few times to figure out what everyone was talking about. LOL. That m******** app is a real ■■■■■■ from a vuln perspective. Ouch!
Thanks, @L4mpje!
@L4mpje Thank you for making an awesome box, very realistic but also friendly for new starters. I really enjoyed this and learnt quite a lot. (My favourite box so far)
User: is fairly easy as long as you can find a large file and somehow read it’s content
Root: You’ll need to do some research, enumeration, and find some tools to help you on the cracking journey 
(lower ports are your best friend)
@DAAAALY thank you, user owned, going for root
Spoiler Removed
Rooted as well.
This one had a harder user than root for me.
user: just be sure to mount the v** backup correctly, and have a look inside there are pretty standard methods to get passwords for Wi*****.
root: just have a look at what programs are installed in the machine, one is vulnerable.
Good luck.
Rooted. I’ve wasted much time in getting root.
USER: It’s easy if you know to use a specific related to Windows registry.
ROOT: It’s easy when you have already discovered that stuff, but meanwhile you can break your brain till do it. The biggest hint I can give is, forget keep tracking the registry files because you won’t find anything relevant and you could waste a lot of time looking those files from ■■■■.
I read through most of this thread when I was stuck getting the user’s password and saw a lot of people mentioning just getting the S*M file and brute force cracking the password hash. That seemed a bit weird to me, as it could take a very long time (I tried normal password lists and got nothing) and I assumed this is probably not what the creator intended us to do. So I did a bit more digging and found the user’s password somewhere else, that did not require a dictionary or brute force attack. I won’t spoil anything, but just wanted to post this in case other people are bored of trying to just brute force crack an NTLM hash like I was.
Rooted and User-ed! 1st HTB box down! Can do the whole thing in Kali Linux, and a great many of you are on the right track - have been using this thread to see if I was going off on a tangent.
My first Windows Box and even a nice one. Thanks, was fun!
Make sure to activate the Virtualize Intel VT from your CPU in the VM Settings otherwise you can’t mount inside kali another thing.