Finally got root flag on this one. Have not managed to get shell and still going to try.
huge thanks to @DarkNight2019 @cyberus and @N0ur5
Really enjoyed this one and I have learned a lot about the windows priv esc.
Trying to get into the SMB service. Tried all the tools and scripts mentioned in the last 14 pages, downloaded them from multiple places (GitHub, repos), no dice. Like others have said, anonymous login/null session doesn’t seem viable. Am noob, mostly Linux experience. Windows hacking is another world to me. Hints would be greatly appreciated.
Kind of a n00b here so I could use a hint. I have a UN and PW for ML from a certain file and I’ve tried DR and ML enumeration and X********L and **C Enumeration and I’m getting nowhere after double digit hours on this box. Probably missing something simple to a proper admin.
Still stuck in the same spot. I have re***g user and pass from the XM file macro, but I can’t use it to login on SL, SB, or anything I’m seeing. I feel like I need to enumerate more, but I’m not sure what else I haven’t tried. Hints and tips appreciated
Just got a login into ml. Now am trying to use x*****e to get a connection back so I can capture the ntlm hash. I can’t seem to crack the hash for m*******c user. Anyone I can pm?
Type your comment> @mrblue said:
Just got a login into ml. Now am trying to use x*****e to get a connection back so I can capture the ntlm hash. I can’t seem to crack the hash for m*******c user. Anyone I can pm?
PM me with what program you’ve tried and what is the syntax, might be able to help 
Ah! I thought that m******c user might be important! xdaem00n, can I PM as well?
Please, can anyone PM me ? I have a small problem with M***L part, especially when it comes to use a proper command to call home with some hash.
Finally got user
Alright, been stuck on privesc for several hours. Able to execute commands via XP, but honestly lost on where to go from there. Can’t seem to establish a reverse shell of any kind.
Yes, this the same here. I am able to execute commands, but no reverse shell for me 
If someone PM hint, please.
finally i got a shell reverse on M* ***. but i dont know how priv. any tips for me?
edit:
i have root now. thanks PavelKCZ
Okay, finally found some shares. Only tool that worked for me out of the dozen I tried was a Metasploit script, which I’m trying to avoid due to the OSCP restrictions. Really interested in what everyone else used. Found Rep****, but still can’t log in. I know this is probably ridiculously simple, but I’m stumped. Can I get a PM, please?
Finally - own root. Wow, nice box, it took me almost two days (with breaks and sleep of course).
Thx to byth22 for hints about uploading. Also thx to daem00n for hint about reverse shell and thx to lattethunder for brainstorming
And of course Big THX to box creators. I learned a lot about M***l and Powershell.
At long last, I have SMB access. Had to reinstall smbclient from the Kali repos (I usually use Debian) and run the command a few times until it worked. Minor issues causing major headaches and all that jazz.
Hey, I am stuck on root. I am very new to windows prives plus I cant get any reverse shell, any help please? DM
Edit: Got root , Great box learnt so many new things and thanks to @PavelKCZ for helping me getting to root.
Got root. Nice machine.
Spoiler Removed
Got root with hints from @mava, @DarkNight7, and a huge huge help from @PavelKCZ !!
I never did get a root shell though. Would someone mind PMing me if they did with how they pulled that one off? Tried a few different things but none quite took. Ended up using a workaround to get the flag.