< Back to Phantom Track Curriculum
Phantom Track

Level 21 → Level 22

The Breakout
ACT IV860 pts+50 first-blood bonus
First Blood: @galile0

Mission

Escape to the simulated host via a mounted container-runtime Unix socket — create a workload that bind-mounts the host root and reads the flag.

Why this matters in 2026

A mounted container-runtime socket is a classic misconfiguration and one of the fastest escapes in modern cloud-native stacks.

Mitigation era: 2026-04 · rotation policy: levels may be refreshed as CVEs are patched out of distro defaults.

Connection Terminal

Use the password for phantom21 that you captured on the previous level, then:
ssh [email protected] -p 2223
SSH command copied to clipboard!

Flag Submission

Log in to submit flags and track progress.
🩸
First Blood captured by
@galile0
ACTIVE RECORD