Read my writeup to Soccer machine
TL;DR
User:
Using gobuster we found /tiny URL path, Found default credentials for tiny, Upload PHP reverse shell using tiny portal and we get a reverse shell as www-data, Found nginx configuration with vhost soc-player.soccer.htb, On this vhost we found WebSocket to port 9001, Found SQLi, Using SQLi we get the credentials of player user.
Root: Found that permit nopass player as root cmd /usr/bin/dstat, Create our python reverse shell dstat plugin, Run it using doas and we get a reverse shell as root.