Find the user for the WinRM service and crack their password. Then, when you log in, you will find the flag in a file there. Submit the flag you found as the answer.
Here I have a long password list I need a small password list to crack it could you guys give me some suggestions
In the right side you can see the resources download them you will be able to get the resources
if you get at least one user via crackmapexec or hydra we can just enumerate there how many users are there net users and net localgroup "Remote Desktop Users". We can then use this list of users and brute force with the password list provided
I was able to find the user and password but I am not sure where to look for the flag
wish I had seen this sooner 
By Default you are in the Documents folder, cd out of that and look at other common directories.
can you expand on that please? Im confused in how to do so
For every one who is stack here. So one tricky part is that when you download resources you need to call crackmapexec dircely from unzip folder. So its suppose to look like this : crackmapexec winrm (Target IP) -u username.list -p password.list .
When you get user and pass use it for evil-winrm. Flag is on users Desktop.
BR.
I’ve unzipped the archive and did exactly what was shown in the academy, still cant seem to find the username and password
I haven’t found it yet either. Did you find it?