So as not to redo the same ones :)
CyberSploit: 1
robots.txt + kernel
CyberSploit: 2
rot47 + password on website + docker (GTFOBins)
Funbox3: Easy
easy password/SQL injection + p0wny-shell + sudo (time or pkexec or mtr)
FourAndSix2
nfs + hashcat (7z) + id_rsa (hint in the images) + less (GTFOBins)
FourAndSix
mount /shared and mount / (not exposed)
Funbox1
WordPress low password (wpscan), upload shell / ssh user (joe) has same password, bad permissions between joe and funny, crontab executed by funny, reverse shell, put new ssh key on funny, funny is a member of lxd (https://www.hackingarticles.in/lxd-privilege-escalation/ : new image, add mapping for root, connect to image). There is a faster way: root crontab runs the same script as funny :) :) : can modify /root or list flag or whatever, sticky bit, add sudo...
Funbox2: Rookie
anonymous ftp, hidden files, list of protected zips, zip2john on all the zips, 2 have easy passwords, unprotected rsa key, user belongs to the lxd group, same as Funbox1 for the rest
Funbox4: CTF
ROBOTS.txt, scroll down, hidden file: upload.php (add extension for dirb), upload shell, check user home, bruteforce with rockyou + ! for thomas and normally gcc + kernel exploit, but no gcc on server...
Quaoar:
WordPress low password or plugin vulnerability (wpscan), reverse shell, wpconfig (root db password), weak root (same as db) or weak wpadmin
Funbox5: next Level
dirb, Request Control plugin on Firefox (for IP redirection)