Thanks to @ctrlzero for a great educational box.
To those that are really stuck, here are my hints:
Foothold: Basic enum (make a note of WHAT you find), cracking, googling how to use it.
User: As already mentioned, look into the past. Use what you find to reconnect (I used a GUI tool) and search for “it” (recall what you found earlier). Again, google will help here.
Root: Reconnect with “it”. Done.
To the mods, if I have given away too much please remove it.
hi ive got the .p** file any nudges, tips on what program to use to D****** it?
thanks in advance!
Hi peep, sogeking here, the brave warrior of the sea. …(* ̄0 ̄)ノ
As usual, I’m here to help the commumity. I see many people have already posted enough hints in the blog so I’m not gonna do that again.
Feel free to PM if you want a more clear hint, but please breifly sum up what you did so far and where you stuck.
Also feel free to PM if you just want to discuss a specific subject or a tool usage, etc.
I can’t spawn Timelapse no more… I am connected to VPN but it says “Machine is on Release Arena.”
Can anyone check it up?
Edit : It was moved to “Machines”, that’s why it was dead.
I’ve gotten the p** file and have the k** and c***, but am completely stuck on what to do next… Been trying loads of ldapsearch and researching switches… Maybe I’m barking up the wrong tree
Any nudges would be greatly appreciated.
search how to use it.
AD enumerate is waste of time for this box, although the last step involves specific AD query.
(i wasted a lot on it trying switching from user to another account for root, until reread hints from this post)
Anyone had issues with John working with the p** file? Mine keeps saying no password loaded.
Got zip file from a certain service on the host but john+rockyou cannot give me a password to unlock the file. Am I still on the right track?
For @blanktix & @0xZetta are you using Johnny with the good hash ? before try BF the file you need to get the correct hash 
Fantastic easy box @ctrlzero
User: Basic enumeration should get you the interesting item. Figure out how to use it properly
Priv esc: a favorite script will show you the way
Root: I used bloodhound but totally unnecessary
If you’re stuck feel free to reach out, but please let me know where you’re stuck and what you’ve tried
hi all
so, new to this, hence asking… ive probably missed somethindg in my recon, s******** to /D** and found a .p** file, used z2****, but blank when i try to create .p and .c**, confirmed i couldnt import in to b********* without a pa******, so ive missed or not found this…
if anyone could dm a point, that would be great!
That is a very cool machine . I struggled a bit with the foothold ,kind of misinterpreted the info I got after obtaining the thing and decrypting it .But after a little nudge from @cmoon, @ooscubyoo kind of realized that I was doing it wrong. Once I figured it I got foothold. Then after running the usual enumeration script I found the way to actually read smt more and read the root flag . So i didnt have to do priv esc .It was more like using the info from the tool to read smt related to the thing we found in the beginning. So if anyone is stuck feel free to PM .
I really enjoyed this box 
Reusing things takes you higher, by the way.
Hi, it’s being a long day with this machine and still stuck in the beginning. I have that file that we have to transform from .*** to .*** not spoiling the extension. Already now it’s not crackable since i have tried the whole rockyou. Seriously need a path to investigate, appreciate if someone can enlighten me.
can somebody give a tip ?
i got some users and passwords, what i need to do now ??? help me pleaseeeee
Hi,I’m a noob at Windows. I’ve get .p** file but I can’t decrypt it. Are there any useful tips? I will be grateful!
Stuck with p** file need help for solving this
There is a tool that would allow you to split the PFX into two parts. Those two parts can be used further. *Please remove if it spoils too much…
I’ve been stuck for a long time, I’ve got the .p** file and split it into * separate files - but I’m very very unsure what I use them for. Any nudges/hints would be greatly appreciated.
you can crack this with kali out-of-the-box, or download a utility to do it in a single step (DM me for more info on this). If you just want to stay with Kali (or probably ParrotOS too), think of one of the most popular cracking tools… With that in mind, think of first converting the .p** file to a format for that cracking tool.
Hint 1: You may have used this tool to crack the initial zip file. If so, repeat the process for the .p** (convert, then crack)
Hint 2: The convert tool ends in .py, so you can LOCATE it using the full name p _ _ 2 _ _ _ _.py
I’m trying to keep this fun without spoiling, so if this is still no help, DM me and I’ll happily explain in better words