I found this box difficult, not having done much windows privesc before, and it forced me to review my notes a lot. Enumeration is key here.
Other things that I have learned to be on the lookout for:
- Some things just aren’t very easy to bruteforce, pick your battles
- Sometimes there are bugs in pocs
- Sometimes there are bugs in metasploit modules
Advice for the T********r root: enumerate and google. Go back over your notes from the foothold, find a way that perhaps you’d ignored.