Mission
Set up an SSH -L local port forward through ops@mgmt using the ed25519 key on ~/.ssh/id_ed25519_ops. The flag HTTP service on mgmt is bound to 127.0.0.1:8080 only — no tunnel, no flag.
Why this matters in 2026
Pivoting turns one shell into network-wide access. Localhost-bound services behind a bastion are the exact pattern every real engagement hits.
Mitigation era: 2026-04 · rotation policy: levels may be refreshed as CVEs are patched out of distro defaults.
Connection Terminal
Use the password forphantom16 that you captured on the previous level, then:ssh [email protected] -p 2223SSH command copied to clipboard!
Flag Submission
Log in to submit flags and track progress.
🩸
ACTIVE RECORDFirst Blood captured by