So I have the username but the well known scripts are not providing back what i would expect based on the result presented. Wondering if someone could give a nudge there if I am on the right or wrong track. I feel like i should be getting something back…
Type your comment> @pegasys14 said:
After reading this entire thread and some help getting the user 1, I have managed to root this box. One thing I thing I must have missed is the permission difference between user 1 and user 2. I ran whoami /all and a dsquery user -samid user | dsget user -memberof -expand but could not see any differences unless I missed something.
Same here. Did you find the answer to this?
Hi, can someone give me a hint i found 2 usernames and no way to get the password. bruteforce didnt work. Thank you
Thanks @egotisticalSW, great box and learnt alot!
My first WIN box
After 2 days i finally got user.
Conclusion i’ve made after that ■■■■: windows is the worst thing that has ever happend to me.
I was working on this box a few days ago, and some remote management tools were acting real flaky, but I could connect and sometimes do things for a bit. Came back to it this weekend hoping to finish it off, but I can’t even seem to connect with those tools anymore. Even after a few resets just to be sure.
I’m on VIP, so it shouldn’t be an issue with other people messing with things. Does anyone have any ideas?
Edit: Nevermind. I reset it (again) and everything suddenly worked just fine!
Rooted ! 
Rooted,
Thank you @4t0ys3d and @n00py for your help.
used both the pocket and the cat after some struggling. The dog got me confused.
User 1: Naming conventions and i*****, Check your users with 3 h***ed dog first
user 2: look around, enough hints here to help ( RTFM pg 16 )
Didn’t quite understand why getting to root worked, will try to better understand it now. ( understood it in forest but curious if the user was meant to have those privileges )
root:make sure your syntax is good, either switch shells and try a cat or use some nice pocket full of tools
Thank you @egotisticalSW for the box I really learned alot about AD, and got more to learn
PM if you need a nudge
( if i gave to much away do what you need to )
hard to guess the correct user, maybe someone can give a small hint.
Type your comment> @antares341 said:
Type your comment> @pegasys14 said:
After reading this entire thread and some help getting the user 1, I have managed to root this box. One thing I thing I must have missed is the permission difference between user 1 and user 2. I ran whoami /all and a dsquery user -samid user | dsget user -memberof -expand but could not see any differences unless I missed something.
Same here. Did you find the answer to this?
I haven’t as of yet. I will take another look at the box and recheck the permissions on both users. If I do get to the bottom of it I will drop you a PM.
Type your comment> @pegasys14 said:
Type your comment> @antares341 said:
Type your comment> @pegasys14 said:
After reading this entire thread and some help getting the user 1, I have managed to root this box. One thing I thing I must have missed is the permission difference between user 1 and user 2. I ran whoami /all and a dsquery user -samid user | dsget user -memberof -expand but could not see any differences unless I missed something.
Same here. Did you find the answer to this?
I haven’t as of yet. I will take another look at the box and recheck the permissions on both users. If I do get to the bottom of it I will drop you a PM.
will send you both a PM with explanation
Rooted thanks @thePtrPn
im super stuck on this one, been researching for like a week and have some questions about windows via linux etc… if anyone has time to message me I have a list of questions.
finally got user:-
Thanks @cyberafro for help
got both users, got hash for user A pass via s*********p, but can’t crack it with john/cat. Quite stuck here, please send help
Rooted a very nice and informative machine for Active Directory attacks and tools required.
User1: Just think professional and Impacket will be your evil best friend.
User2: Enumerate more and you will win the second user.
Root: Enumerate more with the second user and use more tools in impacket.
Any more help required. Feel free to pm!!
Got root
again thanks @cyberafro
got user! 
thanks @thePtrPn for your hint about the preauth
heading to root now, I think I already found a toaster that could do the trick… 
Finished Sauna today, it was a long ride . Got to know a new tool, take every pea you can find.
If you have some problems let me know, i will give u a hint.
brb. I’m going to the sauna with them, counting their money