Again i am replying my own question 
, but of course thanks for little tips at the road…
For .enc file decrypting: after found a candidate password, i was not knowing anything about this description aim. I was using that password at website, ssh or other services. So if you are at same position, read about those decryption purposes and what is that password should be used for???
For privesc: it was a different environment and different shell type for me. For this box, “most didnt like part” for me was finding credential of d***** ssh user, i hope there is another way of finding this password, after that i didnt read root.txt with Poison like method, i worked locally and drink some h2o i tried Poison like method but i couldnt execute any commands from my own remote box, we can discuss our methods if anyone PMs. Thanks for this box, it was a long journey @mrh4sh 
@Wainright said:
finally decrpting .enc file is done but then what ?!?!I have tried to login web interface and/or ssh with default usernames and found password but no luck!! Is that password maybe wrong? but i have tried at decryption process all type of d***** at that tool and i found just one password.
What is happening ?
