This Try Hack Me room guided users through the basics of web application pentesting. I learned about SMB enumeration and bruteforcing domains. This walkthrough also introduces bruteforcing logins with hydra and once the machine is compromised, elevating user privileges.

Ice is the extension to the Blue room. In this room we learn more about windows recon, exploitation and escalation. This box uses a vulnerable service called Icecast which allows us to access the machine using metasploit, then elevate those privileges by abusing a spool process.