Mission
This challenge gives you the ability to influence the configuration of a fresh container being started by a vulnerable version of the runtime. The configuration contains a field that, if set to an attacker-chosen path, causes the container's initial process to start with its working directory on the host filesystem instead of inside the container. To solve the challenge, exploit this to read /host/root/flag from the host and then write the captured flag to /flag inside your container.
Starting toolkit (you may need more)
ls
Why this matters in 2026
This is the 2024 headline container escape — the pattern is file-descriptor leakage across a boundary, and its unique quality is that no amount of capability dropping or seccomp hardening prevents it. Understanding how the leaked descriptor survives the pivot-root is the single most important modern container security lesson.
Mitigation era: 2024-01 · rotation policy: levels may be refreshed as CVEs are patched out of distro defaults.
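The defensive counterpart to the pattern described above, as an added example that is not part of the challenge or of any runtime's own code: a process that holds host-side handles can audit its descriptor table for directory descriptors that would survive an exec, and seal them first. The function names are hypothetical and Linux's /proc is assumed.

```python
import fcntl
import os
import stat


def inheritable_dir_fds(min_fd=3):
    """Return [(fd, target)] for open directory descriptors that would survive exec."""
    leaked = []
    for name in os.listdir("/proc/self/fd"):
        fd = int(name)
        if fd < min_fd:
            continue  # stdin/stdout/stderr are expected to be passed on
        try:
            if not stat.S_ISDIR(os.fstat(fd).st_mode):
                continue  # only directory handles can anchor a working directory
            flags = fcntl.fcntl(fd, fcntl.F_GETFD)
            target = os.readlink(f"/proc/self/fd/{fd}")
        except OSError:
            continue  # fd closed in the meantime (e.g. the one listdir itself used)
        if not flags & fcntl.FD_CLOEXEC:
            leaked.append((fd, target))
    return leaked


def seal_dir_fds(min_fd=3):
    """Set close-on-exec on every inheritable directory fd; return what was sealed."""
    leaked = inheritable_dir_fds(min_fd)
    for fd, _ in leaked:
        os.set_inheritable(fd, False)  # sets FD_CLOEXEC
    return leaked


if __name__ == "__main__":
    # Constructed demo: simulate a parent that left a directory handle inheritable.
    fd = os.open("/", os.O_RDONLY | os.O_DIRECTORY)
    os.set_inheritable(fd, True)
    print("would leak:", inheritable_dir_fds())
    seal_dir_fds()
    print("after sealing:", inheritable_dir_fds())
    os.close(fd)
```

Capability dropping and seccomp filters never enter this check, which is the point of the paragraph above: the exposure is an open handle, not a privilege.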
How to reach this level
Use the password for phantom17 that you captured on the previous level, then:
ssh phantom17@phantom.breachlab.org -p 2223
SSH endpoint is being provisioned. Follow @BreachLab for launch announcement.