There are some absolutely terrible “hints” in this thread. There’s also some “wow amazing privesc!” comments which make me wonder…
There is nothing spectacular about this box. User requires some guesses of exactly what’s installed on the machine to get a reverse shell… and when you get to privesc, you need not venture far beyond the desktop to figure it out.
Also, none of the writeups include an actual shell, but once you have creds, impacket can do it for you.
No brute forcing required. Which is a good thing I think brute is a lazy and wasteful method.