Exploited Wordpress site with WPScan and brute force into web account. Then gain the initial foothold with common WordPress theme reverse shell. Discover Jenkins and pivot to the service to get the root credential.

Enumerate SMB shares, gain foothold by exploiting Jupyter, pivot with SSH key, and escalate priviledge with Runas.

A handy cheatsheet for CTF so I won't have to lose my mind finding the correct syntax.