Level 5 → Level 6

Local Authority · 420 pts · +50 first-blood bonus

First Blood Available

Mission

This challenge contains a local authentication service that processes requests with a logic flaw. An unprivileged user can use the flaw to run code as root without any sudo rule at all. To solve the challenge, read /flag. You will need to look up a well-known 2022 local privilege escalation advisory.

Starting toolkit (you may need more)

pkexec, ls

Why this matters in 2026

Local authentication services sit on almost every Linux desktop and many servers. Bugs in their request handling become universal privilege escalation the moment they are disclosed — this one was unpatched on most distributions for over a decade.

Mitigation era: 2026-04 · rotation policy: levels may be refreshed as CVEs are patched out of distro defaults.

How to reach this level

Use the password for phantom5 that you captured on the previous level, then:

ssh phantom5@phantom.breachlab.org -p 2223

The SSH endpoint is being provisioned. Follow @BreachLab for the launch announcement.
