TryHackMe
Anonymous - TryHackMe Writeup
This room exploits a vulnerable FTP port left open, exposing a script that can be overwritten. Privilege escalation is also included using the famous GTFOBins to gain a root shell.
CMess - TryHackMe Writeup
This room includes some interesting techniques like fuzzing subdomains, exploiting Gila CMS upload features and an interesting priv esc technique using tar and the checkpoint feature.