I wrote a post a awhile back on how to retrieve and crack active directory hashes but the entire process is manual.  I had this bright idea that I'd automate the Windows side of it using PowerShell.  In my mind, I had the general flow -- create a directory for the files, create a shadow copy, copy the ntds.dit file from the shadow copy, expert SYSTEM from the registry, and then clean up the mess after I get my files.  Funny thing happened, the part where I copy from the shadow copy didn't work.  Turns out, PowerShell doesn't all you (or doesn't easily allow you) to access the shadow copy.

The description states:  "Difficulty : Intermediate ~ Hard.  There is one intended way to get low privilege user and two intended ways to get root shell.  Getting root using the easier way : Use anything you have.  Getting root the harder way : Only use what's in the /root/"

Admittedly, I got root the first way I could find and I lost interest in the "harder" method.  I think I know what I'm supposed to do but I already have root so...

I grabbed a batch of files from Vulnhub but a few of them did not work with Virtualbox.  Could be me or it could be the file.  Alas, you can't expect much when you're not paying so I just moved on to the next until I found one that worked.  My File Server did work but it does not have a description.  I would call this box on the easy side but there are a lot of moving parts which can cause you to follow some different directions.  I don't want to say to much so let's get at it...