Mission
This challenge contains a sudo rule whose command includes a filename pattern. A user who controls the contents of a nearby directory can make that pattern match attacker-supplied filenames, which the command then interprets as command-line options. To solve the challenge, read /flag.
Starting toolkit (you may need more)
sudo, ls, touch
Why this matters in 2026
Shell argument parsing rules are subtle enough that even experienced sysadmins ship sudo rules with glob expansion bugs. Every red team engagement finds at least one.
Mitigation era: 2026-04 · rotation policy: levels may be refreshed as CVEs are patched out of distro defaults.
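A defender-side audit for the class of rule described above, as an added example that is not part of the original page or the challenge: it scans sudoers text for command specs with unescaped wildcards (`*`, `?`, `[`) in the command path or its arguments. The sample rules, user names and paths are constructed, and the parser assumes single-line entries (no backslash line continuations).

```python
import re

# Constructed sudoers content for illustration; not taken from the challenge host.
SAMPLE_SUDOERS = """\
# constructed sample
Defaults env_reset
alice ALL=(root) NOPASSWD: /usr/bin/systemctl restart nginx
bob ALL=(root) NOPASSWD: /usr/local/bin/backup.sh /srv/uploads/*
carol ALL=(ALL) /usr/bin/less /var/log/app/*.log, /usr/bin/id ""
dave ALL=(root) /opt/tools/*/run
"""

GLOB = re.compile(r"(?<!\\)[*?\[]")      # unescaped sudoers wildcard characters
RUNAS = re.compile(r"^\([^)]*\)\s*")     # leading (user:group) runas spec
TAGS = re.compile(r"^(?:[A-Z_]+:\s*)+")  # NOPASSWD:, NOEXEC:, SETENV:, ...

def audit_sudoers(text):
    """Return (lineno, command_spec, where) for each command spec with a wildcard.

    'where' is "arguments" when the wildcard sits in the argument list (the
    case this page is about) and "path" when it sits in the command path.
    """
    findings = []
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        # Skip blanks, comments/#include directives, and Defaults settings.
        if not line or line.startswith("#") or line.startswith("Defaults"):
            continue
        if "=" not in line:
            continue
        _, cmnd_list = line.split("=", 1)
        for spec in re.split(r"(?<!\\),", cmnd_list):  # commands are comma-separated
            spec = TAGS.sub("", RUNAS.sub("", spec.strip()))
            if not spec.startswith("/"):               # alias names, sudoedit, ALL
                continue
            path, _, args = spec.partition(" ")
            if GLOB.search(args):
                findings.append((lineno, spec, "arguments"))
            elif GLOB.search(path):
                findings.append((lineno, spec, "path"))
    return findings

if __name__ == "__main__":
    for lineno, spec, where in audit_sudoers(SAMPLE_SUDOERS):
        print(f"line {lineno}: wildcard in {where}: {spec}")
```

Rules it flags are candidates for rewriting with exact arguments, or with `""` where the command should take none.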
How to reach this level
Use the password for phantom3 that you captured on the previous level, then:
ssh phantom3@phantom.breachlab.org -p 2223
The SSH endpoint is being provisioned. Follow @BreachLab for the launch announcement.