You don’t need to restore/revive anything. Think about it. If you did that, it would ruin the machine for everyone else because now they would just have access to that thing straight away. So a HTB machine can’t be made with something like that as the solution.
Having said that, you’re on the right track. Just inspect the item instead of trying to restore it.
thanks @VbScrub . i got root.txt, as you said, very easy. @Hevve18 just only enumeration, i think you saw it. but you just need one more parameter, show it. VERY GOOD MACHINE.
Rooted, I’ve Done, I’VE DONE IT!!!
for god sake @VbScrub !! why did you make me suffer for while haha
Thanks for this box, I learned a bit of patience and some reverse powershell 
First user is hardest because of the uncertainty and the confusing nudges, READ EVERY THING YOU SEE, YOU NEED TO HAVE EAGLE EYES!
well… I ended up reading +5000 line, line by line and not seeing it hehe
I think people should read focus on the important information, not “everything”.
Type your comment> @kwl6b776c said:
@VbScrub it was like a journey! Great opportunity to master tools like powerview, ldapsearch, some decompilers and much more… even if not every of them are necessary for this box.
Can you elaborate more on the powerview part, when did help you?
User owned, root let’s go
I found mr T’s creds and entered a service. However, I keep getting NT_STATUS_INVALID_PARAMETER listing \* when trying to list anything in the share. Is this some kind of client misconfig on my end? I just used it the other day with no trouble at all…
To root any hints?
Alright, my earlier error with INVALID_PARAMATER etc is still there but I rooted the box anyway. Got myself a bit of a tunnel vision and forgot that there are other shares to check out… I’m curious to hear if someone got root with ls*h? My active directory knowledge is shoddy at best so I’d like to hear about it 
If someone needs any help, send me a PM and I’ll try my best to nudge you along.
Anyway, terrific work @VbScrub! Your AD basics video combined with this machine taught me a ton
Does EWRM not work for user r.t?
@dsully said:
Does EWRM not work for user r.t?
If it works only you have to look a little more where you found the previous user, but I can assure that it works I got it with a little help
any pointers on how to resurrect? got the stuffs from second visit to the three letters and picked through it with the 3 lites. just not sure what to do next.
@Scarleton said:
any pointers on how to resurrect? got the stuffs from second visit to the three letters and picked through it with the 3 lites. just not sure what to do next.
I think that resurrection was disabled (or you lack permissions to do that). Otherwise, you would be able to spoil the challenge for everyone else 
Research how you can find about more about the thing you are interested in.
Type your comment> @Scarleton said:
any pointers on how to resurrect? got the stuffs from second visit to the three letters and picked through it with the 3 lites. just not sure what to do next.
scroll up a couple of posts and see my explanation.
Basically what @HomeSen said
C:\Users\Administrator\Desktop> whoami
cascade\administrator
Woooo, first box I rooted mostly by myself from start to finish! Thank you for great adventure @VbScrub. I enjoyed it A LOT. Also - your YT tutorials are simply amazing. Great box, although I can’t imagine doing it only with Kali without Windows VM… Enumeration syntax sucks big time… But - we are here to learn, aren’t we?
@VbScrub your boxes make me a better operator. Thanks for putting so much thought into them.
Overall hint: Get your hands dirty and do everything manually
User
Root
Rooted. Thanks to @VbScrub for making such a great boxes. Learned something new about Windows and AD again.
from passive to active
what a great box from our teacher @VbScrub
new trick for AD!!!
Tks
*Evil-WinRM* PS C:\Users\Administrator\Documents> whoami; hostname
cascade\administrator
CASC-DC1
im stuck on user 2… any help? lil nudge? lil nudge there?
EDIT: got 3rd, good God was that gratifying