Got user. I already had admiration for @VbScrub for his previous box, but the admiration only increased. So far it’s pure enjoyment. Going for root.
@T13nn3s said:
Got user. I already had admiration for @VbScrub for his previous box, but the admiration only increased. So far it’s pure enjoyment. Going for root.
haha thanks 
Rooted!
Finally got some time and did this box!
Learn a couple of new things, like how to bring back the dead.
No idea what is this Chef people talk about.
Enough tips on this thread already, but for root you just need a couple of PS Cmdlets once you know what your last user can do.
@gu4r15m0 the chef is just a website that does encryption/decryption for you when given parameters like secret key and input text etc
Type your comment> @VbScrub said:
@gu4r15m0 the chef is just a website that does encryption/decryption for you when given parameters like secret key and input text etc
Amazing!! I just found the website, gonna get a closer look. But no need for this box.
Thanks for the box though! ???
Rooted,
Thank you @VbScrub for a fun machine.
I finally get the references of; sometimes the dead also have secrets.
Hi all,
I’d appreciate a nudge with root if anyone’s available for a DM?
Thanks in advance
Type your comment> @Rayz said:
yea i had the same problem with root flag, was telling me that was incorrect. after a reset and re-root it passed. so i guess as of now, writeups are dead???
Not really dead. I see that some writeups are protected with the Administrator’s NTLM hash now.
That box was a hoot! Nice one @VbScrub
really nice box thanks @VbScrub
Rooted. Another great machine @VbScrub.
If anyone needs any hints feel free to reach out.
this is a pretty decent machine.
For anyone who is stuck, here is someinfo to help you.
User:
There is a lot of data which comes through and it can be easily missed. I piped it to a file and then search for keywords. i.e: keywords for RESET can be reset or RST or rst as an example.
Once you have that, then use it but do something before that.
I SPENT 2 DAYS ON ABOVE BIT as I wasn’t reading thorough enough.
Then once you have that, use it to login to some service where you will have more data.Take it, save it and think about it as a whole.
Once you have then you will be on to next step where you will find some more files but you will also notice you can access some places where you can’t access the parent.
from there, you will have to use some Powershell but at this point, remember the note you found on initial enumeration.
Good luck
Rooted.
It was a fantastic box, thanks a lot @VbScrub !
If you need any nudges feel free to pm.
Fun box, my favorite from @VbScrub maybe because i suffered so much on the previous ones 
thank you dude
First user was the most difficult for me. Too much data to sort ! My grepFu was rusty on this one.
Don’t have any input, the thread is spoily enough XD
Don’t hesitate to PM if stuck
Really enjoyed this box. Root complete!
Rooted
Have to say I’m not a huge fan of windows, but I did love this box. The rating is fair and accurate and I learned a ton especially for someone who is not that familiar with AD Attacks or RE. Props to @VbScrub for making the box and @unmesh836 for the hint.
Foothold:
Once you get a list of Users go somewhere else, enumerate other ports likely to have info on users. If there is a lot of data, grep is your friend.
user:
Look around, there is an interesting file, look at everything you have carefully, don’t gloss over what you find. After that its a simple google search to get what you want.
Root
1st Step: Essentially just RE, take a look around the program and remember, libraries are important
2nd Step: Remember something you may have found early on. Everything is Temporary but we can still get info on those who have left us.
PM If you need additional hints
Just wanted to pop in to thank @VbScrub for the awesome box. That was really cool and I had to do some things I had not done in quite a while (involving C#).
@Maglok no problem
I was trying really hard not to ask for help, but i have been stuck for about three days. I have all 3 users, but i cannot get execution via SB or W**M for any of them. I have gone back through my enumeration, and tried to manually connect and run PS commands but i get authentication errors / access denied errors. Could anyone PM me and give me a slight nudge? Thank you!
edit : got user! i was derping on syntax. now on to root! thank you everyone who responded.
Just rooted this box. As I have mentioned earlier, it was a great pleasure to root this box. Keep up the good work @VbScrub! Already looking forward to your new boxes!