Qcow2 images ship with two accounts, user / user for the user account,
and root / root for the root account. Each archive has a corresponding
“boot” shell script for starting the virtual machines.
The kernel.core_pattern is set to /var/lib/coredumps/core.%e.%s.%p, so
check in /var/lib/coredumps for the final levels, if exploiting over the
network.
Files to be exploited reside in /opt/phoenix/<architecture> (e.g. amd64, i486, arm64, amd, etc)
SUID files won’t create a core dump, so make a copy of the files as needed for exploit development purposes.
Some levels may only be exploitable on certain architectures due to various reasons - I’ve tried to make note where this is the case. If I’ve missed a level, please let me know.