βββ βββ ββββββββββ
ββββ ββ β β ββββββ βββ
ββββ ββ β ββββ ββ
ββββ β β β β ββββ β
ββββββββββββ βββββββββββ
β βββ βββ β ββ β βββ β
β β β βββ ββ β β β β
β β β β β β β
β β β β β
β
ββββββ βββ βββ ββββββ βββ ββββββ ββββββββββββββββββ ββββββ
ββ β ββ β β ββββββ βββββββ ββββ ββββββββ βββ ββββ β βββ β βββ
ββββ ββ β βββββ ββββββββ ββββ ββββββββ ββββ ββββββ βββ βββ β
βββ β β β β β βββββββ βββββ βββ ββββββββ ββββ β βββ β βββββββ
βββββββββββ ββββββββ β ββββββββββ βββββββββββ ββββ β βββββββββββ ββββ
ββ ββ βββ β ββ βββββ β ββ βββ ββ ββββββ ββ β ββ ββ ββ ββ ββ ββββ
β β βββ ββ βββ β β β β β β β ββ β β β β β β ββ β ββ
β β β ββ β β β β β β β β β β ββ β
β β β β β β β β β β β β
BY: KimSchulz
Simple script to exploit the well-known privilege escalation via lxd/lxc.
The script can be used in multiple ways:
- With local lxd image using --image/-i [IMAGEFILE] option
- With remote lxd image using --url/-u [IMAGEURL] option
- With embedded lxd image by first embedding it using --arm/-a [IMAGEFILE] on attacker box and then run without args on victim box.
The user that runs the script during exploitation will have to be in the lxd group on linux in order for it to work.
You can arm the script with an image without being in the group.
The script is self-contained and only rely on python3(.5+). Just download it from here and arm it with your favorit lxd image (or use one of the other methods).
You will need an lxd image file. You can either use the provided one which is a simple Alpine image or you can roll your own via the LXD Alpine Builder.
There are really no special requirements for the image, but Alpine is small and works. It will add around 4mb in size if embedded in the script with the arm feature.
Feel free to send me any comments or ideas for this script. I will be happy to integrate pull-requests if you have some improvements.