Multimaster

@idomino said:

I’m trying to ask this as cryptically as I can, please mark it spoiler if too much. So I managed to use a user/pass pair in a service where I was surprised I can only access ****** and can’t access D**********, found new information in ****** that I’m not sure yet how useful it is. Is that the way?

Edit: sorry was an idiot, got the user flag :slight_smile:

Edit2: aaaaand it was decided that the ‘patch’ will reset all progress… not cool.

I didn’t find the user reset to be that bad actually… It was almost the exact same thing, you just couldn’t abuse the original tool and wordlist.

Edit: Rooted. Pretty tough box, especially after those user runs. Happily learned quite a bit from this one.

Foothold: Refer to @clubby789 as his comment is spot on here. The bypass isn’t as difficult as you think. Once you know how to bypass the WAF, enumerate away!

User: Your username wordlist may be a bit too short right now… Try harder :smile:

Root: AD is a monster. Send the hounds. Common enumeration/privesc techniques should be enough to get you through this one.