Thank you @MinatoTW for this box, it was super realistic and fun!
As other have said:
Foothold: you don’t get/won’t need a shell on the box for foothold
User: Enumerate all you can. Grab every username you can find. If you happen to find any passwords, the internet is your friend.
Root: I got stuck here for 3 days. Reading the comments really helped. No exploitation needed here, no guessing required. It’s all in your memory and environment.
Need a hint on a user please
Got probably 2 users and 3 passwords(from hashes)
Tried doing r***p.py and got 315 endpoint (WTF even is that?) and also tried lk****d.py, nothing.
help
UPD: got 9 users now, saw 3 share-folders, but no clue what to do next. PM me please