After logging in through SSH, you are using the PowerShell terminal. You need to type cmd to use the cmd terminal. Then, you can apply where /r C:\ waldo.txt
After logging in to the target machine, I used the following command in cmd:
type (where.exe /R C:\Users\ waldo.txt)
It returned the flag.
Thank you for saying this. I was suspecting something similar, but you really helped me take that step.
This was it for me! This was the problem I had
Running anything without Admin privileges got me pattern issues and did not give all directories.
A classic IT mistake on my part.
Here is the answer!!! Thank you!
Making this even shorter:
Get-WinEvent -FilterHashtable @{LogName='Security';Id=4625} | Group-Object {$_.Properties[5].Value} | Select-Object Count,Name | Sort-Object Count -Descending
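Added example, not part of the thread: the same count of failed logons (event 4625) per account, but reading TargetUserName by field name from the event XML instead of by position in Properties, so the source address can be listed beside each account. The sample events are constructed, and the function names New-SampleEventXml and ConvertFrom-LogonEventXml are hypothetical.

```powershell
# Constructed sample data: builds a minimal 4625-style event XML string.
function New-SampleEventXml([string]$User, [string]$Type, [string]$Ip) {
@"
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
  <System><EventID>4625</EventID></System>
  <EventData>
    <Data Name="TargetUserName">$User</Data>
    <Data Name="LogonType">$Type</Data>
    <Data Name="IpAddress">$Ip</Data>
  </EventData>
</Event>
"@
}

# Turns one event XML string into an object with named fields.
function ConvertFrom-LogonEventXml {
    param([Parameter(Mandatory, ValueFromPipeline)][string]$Xml)
    process {
        $fields = @{}
        foreach ($d in ([xml]$Xml).Event.EventData.Data) {
            $fields[$d.GetAttribute('Name')] = $d.InnerText
        }
        [pscustomobject]@{
            TargetUserName = $fields['TargetUserName']
            LogonType      = $fields['LogonType']
            IpAddress      = $fields['IpAddress']
        }
    }
}

# Constructed events: three failures for one account, one for another.
$sample = @(
    New-SampleEventXml 'alice' '3'  '192.0.2.10'
    New-SampleEventXml 'alice' '3'  '192.0.2.11'
    New-SampleEventXml 'alice' '10' '192.0.2.10'
    New-SampleEventXml 'bob'   '3'  '192.0.2.10'
)

# On a live system (elevated session), replace $sample with:
#   Get-WinEvent -FilterHashtable @{LogName='Security';Id=4625} | ForEach-Object { $_.ToXml() }
$sample | ConvertFrom-LogonEventXml |
    Group-Object TargetUserName |
    Sort-Object Count -Descending |
    Select-Object Count, Name,
        @{ n = 'Sources'; e = { ($_.Group.IpAddress | Sort-Object -Unique) -join ', ' } }
```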
Hi, @wy1d.
Thanks for your command. I used it and got 7 account names. But I tried them all and none of them work.
I’m sure I should do something else.
Any hint?
Make sure you’re in the DC (Domain Controller). Refer to previous questions where DC is mentioned.
Thanks, @wy1d, for your support.
I finished it.