I got root and now know what the uncles is all about. Only my second root. I had a ton of help a long the way from @AzAxIaL @ChiefCoolArrow and others. Thanks so much. Learned a TON.
Already got access to S** but I am struggling to connect to the ML … I know I should set it with WS A**********N but not sure why none of the programs are working 
… is it possible that someone could DM me? 
I am losing my mind haha
Great box! Thank you creator!
Im struggling to escalate privileges since 3 days, can someone help me or PM please cuz the box is driving me nuts ! Thanks
FINALLY got the Uncles! I was overthinking this, as usual. If you find yourself stuck on where to look, think about useful locations of interesting files.
OK so I’ve found two web services and lost hours running dirbuster on both without finding a thing. SMB doesn’t appear to allow any enumeration by anonymous users. There are a lot of hints for later in the game, can anyone drop a hint where I should be looking for this credentials file?
same as above, struggling with foothold
Thanks all, some hints have sorted this.
Thanks, Giddy
I found the clear text password to the Administrator account. I’m now trying to find a way to use those creds via the x*_c*******. This shouldn’t be the part I’m stuck on!!! Haha this is a great box. I tried using the ru*** command but that doesn’t accept passwords. Then I Googled around and saw some people were getting to it to work with < pass.txt but I can’t!
This is an awesome machine! I believe I am about to root it … if it wasn’t for the people restarting it every 5 minutes lol 
thx to @Nofix for the tip 
Have the password ‘$’ and i think the correct user for the S** . But still getting Access Denied, could someone please PM me as this is driving me mad now.
I have the M**** credentials and managed to get access via both i******* and d******. I’ve been stuck for 2 days and can’t seem to figure out how to proceed. The next step is to somehow escalate the privileges of the r******** account and get x*_c******* execution correct or am I going down a rabbit hole?
this machine fucked my life up but it is now ROOTED!
Type your comment> @PlusOne said:
Have the password ‘$’ and i think the correct user for the S** . But still getting Access Denied, could someone please PM me as this is driving me mad now.
same boat, I tried to enter it when prompted instead and still login failed. help?
I have used almost all tools for enumerating smb ports (nse scripts, metasploit modules, e4lx, s*lient, rlient and ***map) but I can’t seem to find any info about any open shares or any files that have creds when trying to enumerate as anonymous.
Need to know what I am missing, can any one pm me some hints
Type your comment> @carreraSlr722 said:
I have used almost all tools for enumerating smb ports (nse scripts, metasploit modules, e4lx, s*lient, rlient and ***map) but I can’t seem to find any info about any
I don’t know if there’s some sort of tooling issue or sometimes the box just needs a reset, but I had the same problem and thanks to a hint, well it’s right in your face with one of those tools.
Type your comment> @carreraSlr722 said:
I have used almost all tools for enumerating smb ports (nse scripts, metasploit modules, e4lx, s*lient, rlient and ***map) but I can’t seem to find any info about any open shares or any files that have creds when trying to enumerate as anonymous.
Need to know what I am missing, can any one pm me some hints
I have the same issues and I used different tools to enumerate but most of them report access denied even after a reboot. Any tools that someone can help me with? please PM me
I got an admin shell! I had a lot of fun rooting this machine! If you have any questions send me a message. I would also like to talk to other people who have rooted it and see how they did it as well.
Initial Foothold
The user tracks in this thread are very good, I would like to mention that if you can not capture what you need, use the tools of the distribution, strangely I had the problem with a tool cloned from GitHub that made me lose time xD
Root
Honestly, the best clue to get the administrator, search Google, run and get the famous “uncles” …
Type your comment> @Malone5923 said:
A subtle hint for root.
It is not very complicated, it is really not necessary to break your head with the antivirus to obtain a low privilege shell and follow the privesc …