Finally rooted. Thanks, great box for AD pwn learning. It took a long time, mostly because the builtin instruments do not work for me. I took the first creds in 10 mins and wasted over 4 days on Dog troubleshooting. After this, I found that the module of p*sploit that I need exists only in the documentation.
For user:
Any tool for enumerating Windows machines, im****et, evil transport
For root:
Dog, basic cmd user command, powershell (for me), im****et, evil transport
Some tips:
Don’t use the builtin Dog, use the one from the repo.
■■■■ slash/backslash! When you pass a domain-user pair in im****et, you need to use /, when you pass it in powershell, you need to use \, and when you pass it in evil transport, don’t use the domain and slash at all.