Level 18 → Level 19

Bad Pod · 1100 pts · +50 first-blood bonus

First Blood Available

Mission

This challenge places you inside a Kubernetes pod that was deployed with multiple dangerous flags enabled at once. Any one of them would be concerning — together they let you trivially reach the host. To solve the challenge, identify a combination of pod flags that exposes host resources, and use them to enter the host's process namespace and read /flag-host. Write the captured flag to /flag inside your pod.

Starting toolkit (you may need more)

mount · nsenter

Why this matters in 2026

Every Kubernetes pentester starts by looking for pods with this specific combination of misconfigurations. It is well documented and directly exploitable, which means defenders must know the exact combination by heart to harden against it — and attackers must know it cold.
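A defender-side check for the kind of pod described above, as an added example that is not part of the challenge or BreachLab's own code: it audits a manifest for standard Kubernetes pod-spec fields that expose host resources and rates a combination higher than a single finding. The sample manifests, the function names and the severity scale are assumptions made for illustration.

```python
import json

# Constructed sample manifests; names and images are illustrative only.
RISKY_POD = json.loads("""
{"metadata": {"name": "debug-tools"},
 "spec": {"hostPID": true, "hostNetwork": true,
          "volumes": [{"name": "root", "hostPath": {"path": "/"}}],
          "containers": [{"name": "shell", "image": "example/shell:1",
                          "securityContext": {"privileged": true}}]}}
""")
SAFE_DEPLOYMENT = json.loads("""
{"kind": "Deployment", "metadata": {"name": "web"},
 "spec": {"template": {"spec": {"containers": [
     {"name": "app", "image": "example/web:1",
      "securityContext": {"privileged": false,
                          "capabilities": {"drop": ["ALL"]}}}]}}}}
""")

HOST_NAMESPACE_FLAGS = ("hostPID", "hostIPC", "hostNetwork")
BROAD_CAPABILITIES = {"ALL", "SYS_ADMIN"}


def audit_pod(manifest):
    """List host-exposing settings in a Pod or pod-template manifest."""
    spec = manifest.get("spec") or {}
    # Deployments, DaemonSets and Jobs nest the pod spec under spec.template.spec.
    spec = (spec.get("template") or {}).get("spec", spec)
    findings = [flag for flag in HOST_NAMESPACE_FLAGS if spec.get(flag) is True]
    for volume in spec.get("volumes") or []:
        if "hostPath" in volume:
            findings.append("hostPath:" + volume["hostPath"].get("path", "?"))
    # Init and ephemeral containers share the pod's namespaces and volumes.
    for kind in ("containers", "initContainers", "ephemeralContainers"):
        for container in spec.get(kind) or []:
            ctx = container.get("securityContext") or {}
            name = container.get("name", "?")
            if ctx.get("privileged") is True:
                findings.append("privileged:" + name)
            added = set((ctx.get("capabilities") or {}).get("add") or [])
            for cap in sorted(added & BROAD_CAPABILITIES):
                findings.append("cap:%s:%s" % (cap, name))
    return findings


def severity(findings):
    """Assumed scale: one exposure is 'high', a combination is 'critical'."""
    return "ok" if not findings else "high" if len(findings) == 1 else "critical"
```

Run it over the JSON output of a cluster's pod and workload listings in CI or as a periodic audit; in admission control the same fields are what a restrictive pod security policy rejects.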

Mitigation era: 2026-04 · rotation policy: levels may be refreshed as CVEs are patched out of distro defaults.

How to reach this level

Use the password for phantom18 that you captured on the previous level, then:

ssh phantom18@phantom.breachlab.org -p 2223

SSH endpoint is being provisioned. Follow @BreachLab for launch announcement.
