Mission
This challenge places you inside a container that was started with a flag that removes all isolation. The container sees the host's block devices. To solve the challenge, mount the host root filesystem inside the container and write /host-proof on it, then read /flag.
Starting toolkit (you may need more)
fdiskmountWhy this matters in 2026
The single most misunderstood container flag in production makes every subsequent security boundary a polite request. This lab shows why — any attacker with shell access inside a container that has it is root on the host in about three commands.
Mitigation era: 2026-04 · rotation policy: levels may be refreshed as CVEs are patched out of distro defaults.
How to reach this level
Use the password for phantom14 that you captured on the previous level, then:
ssh phantom14@phantom.breachlab.org -p 2223
SSH endpoint is being provisioned. Follow @BreachLab for launch announcement.
Log in to submit flags and track progress.