I got the same problem. I figured it out by looking and compiling another tool to crack the .p** file.
Hope this helps.
Finally rooted 
!
It has been an amazing box, I learned a lot.
I also spent a lot of time using tools and scripts that werenāt necessary in order to find the key to the priv. escalation.
They key is to make a good enumeration/listing the box when you are in!
can i drop you a dm? i believe im close to root. need some help if youāre available
Sure.
1 Like
Hey,
I am having the same issues. I got the hash and trying to get the cracked hash using john. its taking forever to crack. How were you able to find an alternative to get that hash cracked??
I just got the user.txt but every attemp to enumerate feels useless, feeling stucked i dont really know what to do, tried to use bloodhound but sharphound doesnt work, been seeing some clues of checking what i have already found but i dont really know what else i can do with those files
I cracked the file. but none of the finding works to get in.
I finally got it.
I found my original user flag didnāt work either, I went back after getting Root flag and then re-checked the user flag, was able to submit both in the end.
Great box, thoroughly enjoyed
Thank you @ctrlzero
How to get usernames. Any hints?
not all passwords are reuseable. you need no username before foothold.
exactly but how to get username?
i tried bruteforcing usernames from names.txt of the seclists repository. Found none.
you dont need any username for foothold.
think about what youāve got, and search for its usage.
(youāll find after foothold that it is just in your hand)
1 Like
Hi everybody, iām locked after discovered .pā¦ i found all informations about it but I donāt know how to use itā¦ I tried a lot of stuff but doesnāt work 
If somebody can help ? thanks a lot
Finally rooted!
My first windows machineā¦
If someone needs help feel free to leave a PM!
Foothold: Basic enumerating should really do the trick, if you found the desired, keep cracking
Priv escalation: If you already found the User, while looking in the past there will be no need to enumerate further because of his special ability regarding the machines nameā¦
Hi everyone. I have managed to put my hands on the contents of the user.txt file, but for some reason when I put it in the flag I got in the āsubmit flagā section it alerts me with a polite āflag incorrect!ā banner. Am I just a noob or is it a problem on the site?
Good evening folks. Great box, took quite a while to get user but user to admin was faster. One thing though, I have admin but cannot find the flag. Itās been a while since I hacked a box on here, the flag should still be on the desktop no? or is someone messing ?
You may want to enumerate the user profiles a little more.
Ha! Thanks @ghsinfosec
After the machine got reset there was another profile to be parsed!
I think somone may have deleted it for kicks maybe.
No problem. The joys of abusing boxes! Haha
Gained the root access but couldnāt manage to find root flag. Iām stuck at this point.
Help me.
1 Like