Hack The Box Blunder:

webapp brute force login -> bludit CVE -> reverse shell -> find and crack hash to pivot to user -> /etc/sudoers “!root” CVE -> root