Mission
Reach the secret THROUGH the host-init process's /proc view: cat /proc/<pid>/root/opt/host-ns/host_secret. The verifier audits bash_history for the /proc/<pid>/root pattern — direct cat of the file does not count.
Why this matters in 2026
hostPID visibility + /proc/<pid>/root/ is the core of every pod-to-host escape in K8s. The technique is the whole lesson.
Mitigation era: 2026-04 · rotation policy: levels may be refreshed as CVEs are patched out of distro defaults.
Connection Terminal
Use the password forphantom24 that you captured on the previous level, then:ssh [email protected] -p 2223SSH command copied to clipboard!
Flag Submission
Log in to submit flags and track progress.
🩸
ACTIVE RECORDFirst Blood captured by