Not sure if anyone else experienced this, but one of the passwords can cause issues in shell so you need to feed it into scripts in non-standard way or use them manually.
For root, read the documents carefully and choose correct flag.
This box is actually practical. Believe it or not, I’ve actually had to go through a very similar process the way in which you get Administrator on this box during live testing.
Rooted, a really good box for developing some skills with windows.
Hints for User :
Enumerate everything and use more than one method for getting user creds. rocking with your feline friend can be very useful here.
Hints for root :
Enumerate running processes in combination with the info gathered during user. badwolf comment was useful. Remember its a windows box so you may find it easier using windows native tools within the machine along with creds rather than attempting to use these remotely.
I’m Stuck , Why i can’t enumerate users using lookupsid.py script i only get the domain SID is there’s something missing or perhaps there’s another approach ?