This was a pretty cool writeup. I’m in the process of completing Legacy that’s a part of my prep for OSCP. One question: did you try to exploit ms08-67 on this box? That doesn’t seem to work. I’m trying that all my writeups/notes include popping up the box with all possible scenarios. Mostly retired machines but more importantly, without Metasploit