Getting started

Qcow2 images ship with two accounts, user / user for the user account, and root / root for the root account. Each archive has a corresponding “boot” shell script for starting the virtual machines.

Configuration notes

The kernel.core_pattern is set to /var/lib/coredumps/core.%e.%s.%p, so check in /var/lib/coredumps for the final levels, if exploiting over the network.

Files to be exploited reside in /opt/phoenix/<architecture> (e.g. amd64, i486, arm64, amd, etc)

SUID files won’t create a core dump, so make a copy of the files as needed for exploit development purposes.

Exploitability notes

Some levels may only be exploitable on certain architectures due to various reasons - I’ve tried to make note where this is the case. If I’ve missed a level, please let me know.