Mission
This challenge contains a user database file that is world-writable through a misconfiguration. An unprivileged user can craft a new entry and add themselves as an additional root-equivalent account. To solve the challenge, read /flag.
Starting toolkit (you may need more)
opensslcatWhy this matters in 2026
Ancient Linux lets you log in as any account listed in a single flat file. If an attacker can write that file, the authentication system is a suggestion. Real CTFs still find this in legacy images and embedded systems.
Mitigation era: 2026-04 · rotation policy: levels may be refreshed as CVEs are patched out of distro defaults.
How to reach this level
Use the password for phantom10 that you captured on the previous level, then:
ssh phantom10@phantom.breachlab.org -p 2223
SSH endpoint is being provisioned. Follow @BreachLab for launch announcement.
Log in to submit flags and track progress.