Mission
Attack the unauthenticated Docker API on TCP :2375 — POST a container-create payload that bind-mounts the host and reads the flag from the returned logs.
Why this matters in 2026
Unauthenticated :2375 still turns up on cloud perimeters and internal networks. Engine-API fluency is the required skill.
Mitigation era: 2026-04 · rotation policy: levels may be refreshed as CVEs are patched out of distro defaults.
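The defensive counterpart to the exposure described above, as an added example that is not part of the original level page: it audits a Docker daemon configuration for TCP listeners that accept clients without certificate authentication. The sample daemon.json contents, the certificate paths and the audit_daemon function name are constructed for illustration.

```python
import json
import shlex

# Constructed sample configs (not taken from any real host).
WEAK_JSON = '{"hosts": ["unix:///var/run/docker.sock", "tcp://0.0.0.0:2375"]}'
HARDENED_JSON = json.dumps({
    "hosts": ["unix:///var/run/docker.sock", "tcp://0.0.0.0:2376"],
    "tlsverify": True,                      # require client certificates
    "tlscacert": "/etc/docker/ca.pem",      # constructed paths
    "tlscert": "/etc/docker/server-cert.pem",
    "tlskey": "/etc/docker/server-key.pem",
})


def audit_daemon(daemon_json, dockerd_cmdline=""):
    """Return (host, scope) for each TCP listener lacking client-cert auth."""
    cfg = json.loads(daemon_json) if daemon_json.strip() else {}
    hosts = list(cfg.get("hosts", []))
    # "tls": true alone encrypts but does not authenticate clients,
    # so only tlsverify counts as access control here.
    tlsverify = bool(cfg.get("tlsverify", False))

    # Listeners and TLS settings can also come from dockerd flags.
    args = shlex.split(dockerd_cmdline)
    for i, arg in enumerate(args):
        if arg in ("-H", "--host") and i + 1 < len(args):
            hosts.append(args[i + 1])
        elif arg.startswith("--host="):
            hosts.append(arg.split("=", 1)[1])
        elif arg in ("--tlsverify", "--tlsverify=true"):
            tlsverify = True

    findings = []
    for host in hosts:
        if not host.startswith("tcp://") or tlsverify:
            continue
        addr = host[len("tcp://"):]
        loopback = addr.startswith(("127.", "localhost", "[::1]"))
        findings.append((host, "loopback only" if loopback else "network reachable"))
    return findings


if __name__ == "__main__":
    for name, cfg in (("weak", WEAK_JSON), ("hardened", HARDENED_JSON)):
        print(name, audit_daemon(cfg))
```

A loopback-only finding is still reported because any local process or forwarded port can reach that listener without credentials.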
Connection Terminal
Use the password for phantom23 that you captured on the previous level, then:
ssh [email protected] -p 2223