Very cool Windows box. Thx @egre55
For foothold earlier in the topic there is an excellent article from OWASP. The next user is very simple, just enumerate .
Root tip: there are several versions of the smb protocol if you need to copy something from your machine. And there is a ready-made exploit (with screenshots from HTB in article 
) already in the form of an application that just works and gets the password.
As usual, PM for hints.