Mission
This challenge contains a binary with a file attribute that lets it trace and modify other processes. An unprivileged user can use it to inject code into a privileged process that is already running. To solve the challenge, cause the running root-owned service to write /flag to disk. The service's PID is listed in /var/run/target.pid.
Starting toolkit (you may need more)
getcapgdbWhy this matters in 2026
Live process injection is the fundamental primitive behind every memory-resident implant and every red-team persistence trick. Understanding how a debugger attaches to a running process is the doorway to every advanced post-exploitation technique.
Mitigation era: 2026-04 · rotation policy: levels may be refreshed as CVEs are patched out of distro defaults.
How to reach this level
Use the password for phantom8 that you captured on the previous level, then:
ssh phantom8@phantom.breachlab.org -p 2223
SSH endpoint is being provisioned. Follow @BreachLab for launch announcement.
Log in to submit flags and track progress.