Mission
This challenge places you inside a container that has the necessary privileges to mount kernel control interfaces. A specific kernel feature in an older interface allowed containers to register callbacks that the host kernel executed when processes exited. To solve the challenge, use that feature to run a command as host root that writes /flag-host, then read /flag.
Starting toolkit (you may need more)
mountechoWhy this matters in 2026
This is the specific 2022 container escape that every container security course still teaches — not because it is common anymore but because the mechanism shows how a single kernel interface leak breaks every subsequent isolation layer. Understanding it is a prerequisite to reasoning about modern runtimes.
Mitigation era: legacy-2022 · rotation policy: levels may be refreshed as CVEs are patched out of distro defaults.
How to reach this level
Use the password for phantom15 that you captured on the previous level, then:
ssh phantom15@phantom.breachlab.org -p 2223
SSH endpoint is being provisioned. Follow @BreachLab for launch announcement.
Log in to submit flags and track progress.