Ghost — Linux & Shell Fundamentals
Ghost is the foundation track of the BreachLab series. Without what it teaches, every other track is locked. This is where operatives are built — not taught.
Who this is for
Anyone serious about real security work. It does not matter whether you have never opened a terminal before or whether you have been writing code for years — if you cannot move through a Linux system like it is your second home, the rest of this industry stays out of reach. Offensive security, defensive security, incident response, cloud, AI security, every single discipline demands the same basic fluency. Ghost gives it to you.
What Ghost makes of you
Twenty-two levels. No hand-holding. No walkthroughs. After Ghost you will not be a beginner any more — you will be an operative with the foundation that every other BreachLab track builds on. Concretely, by the end of Ghost you can:
- Land on a Linux box you have never seen before and get your bearings fast — files, processes, network, users, permissions.
- Handle shell weirdness — filenames with spaces, quoting, pipes, redirection — without panicking.
- Pull secrets out of environment variables, hidden files, and running processes, the way a real responder or attacker does.
- Hunt through thousands of log lines and find the one that matters — the core loop of every SOC analyst on earth.
- Recognise encoded data (hex, base64, multi-layer compression) and peel it apart without writing any code of your own.
- Talk to services over raw TCP and TLS from the command line — no client libraries, no tooling crutches.
- Use SSH key authentication — the way every production server on the planet actually authenticates people.
- Scan a port range, tell the difference between a refused, filtered, and open-but-weird port, and identify what is listening.
- Work inside a restricted environment that tries to kick you out, and still get useful work done — the skill every bastion and container demands.
- Read Linux permissions, including SUID, and recognise when a binary is a privilege escalation opportunity — the bridge into the Phantom track.
- Write your first real script. Automate something you cannot do by hand. The exact moment you stop being a user of other people's tools and start being an engineer.
- Find scheduled tasks (cron) and understand why they are the #1 persistence and privilege escalation vector on Linux.
- Use
gitto dig through the history of a dirty repository — the exact technique behind every real-world secrets leak from 2024 onward and the bridge into the Nexus (CI/CD) track. - Use
/procto reason about what the system is doing right now — the core of modern forensics and fileless malware analysis.
Who we are preparing
BreachLab trains the kind of security specialist that Fortune 500 companies, cloud providers, and national cyber units all compete for and cannot find. Anonymous-level in the literal sense: people who can do what others consider impossible because they have actually done it on real systems, with no walkthroughs and no safety net. Ghost is step one of seven. Finish all seven and you are a T-shaped security operative ready for 2025-2030 — offensive, defensive, and everything modern attackers are already using. This is not a certificate mill. It is a forge.
SSH Information
- Host:
- ghost.breachlab.org
- Port:
- 2222
- User:
- ghost0 (level 0)
- Password:
- ghost0
ssh [email protected] -p 2222
Note for beginners
This game, like most other games, is organised in levels. You start at Level 0 and try to beat each level in order. Finishing a level gives you the password (and a flag) for the next level. On the platform, the page for each level tells you its points and whether you or anyone has solved it yet.
There are several things you can try when you are unsure how to continue:
- First, if you know a command, but don't know how to use it, try the manual (
man <command>) by enteringman command. For example,man lsto learn about thelscommand. - Second, if there is no manual, the command might be a shell built-in. In that case use the
helpcommand (e.g.help cd). - Also, your favorite search engine is your friend. Learn how to use it. Pick a query that teaches you something rather than one that hands you the answer.
- Lastly, if you are still stuck, you can join the community — but do not spoil levels (see rules).
You're ready to start! Begin with Level 0 using the SSH Information above. Good luck!
Levels
| # | Level | Points | First Blood | Status |
|---|---|---|---|---|
| 0 | First Contact | 100 | FIRST BLOOD AVAILABLE | — |
| 1 | Name Game | 120 | FIRST BLOOD AVAILABLE | — |
| 2 | In The Shadows | 140 | FIRST BLOOD AVAILABLE | — |
| 3 | Access Denied | 160 | FIRST BLOOD AVAILABLE | — |
| 4 | Signal in the Noise | 180 | FIRST BLOOD AVAILABLE | — |
| 5 | The Listener | 200 | FIRST BLOOD AVAILABLE | — |
| 6 | Ghost in the Machine | 220 | FIRST BLOOD AVAILABLE | — |
| 7 | Lost in Translation | 240 | FIRST BLOOD AVAILABLE | — |
| 8 | Something's Running | 260 | FIRST BLOOD AVAILABLE | — |
| 9 | Noise Floor | 300 | FIRST BLOOD AVAILABLE | — |
| 10 | Binary Strings | 330 | FIRST BLOOD AVAILABLE | — |
| 11 | Wrapped Three Deep | 360 | FIRST BLOOD AVAILABLE | — |
| 12 | Key Not Password | 390 | FIRST BLOOD AVAILABLE | — |
| 13 | Port 30000 | 420 | FIRST BLOOD AVAILABLE | — |
| 14 | TLS, Not Plaintext | 450 | FIRST BLOOD AVAILABLE | — |
| 15 | Port Range | 480 | FIRST BLOOD AVAILABLE | — |
| 16 | Diff | 510 | FIRST BLOOD AVAILABLE | — |
| 17 | No Shell For You | 540 | FIRST BLOOD AVAILABLE | — |
| 18 | Wrong User | 570 | FIRST BLOOD AVAILABLE | — |
| 19 | Your First Script | 600 | FIRST BLOOD AVAILABLE | — |
| 20 | Cron Discovery | 630 | FIRST BLOOD AVAILABLE | — |
| 21 | Git Archaeology | 660 | FIRST BLOOD AVAILABLE | — |
Log in to submit flags and track progress.