This Try Hack Me room guided users through the basics of web application pentesting. I learned about SMB enumeration and bruteforcing domains. This walkthrough also introduces bruteforcing logins with hydra and once the machine is compromised, elevating user privileges.
Vulnversity walks through how to preform recon on targets and look for possible points of entry for payloads such as reverse shells. On this box port 3333 is running a webserver. After dirbusting the webserver we find a path called internal where we are able to upload php files.