██▓ ▒██ ██▒▓█████▄
▓██▒ ▒▒ █ █ ▒░▒██▀ ██▌
▒██░ ░░ █ ░░██ █▌
▒██░ ░ █ █ ▒ ░▓█▄ ▌
░██████▒▒██▒ ▒██▒░▒████▓
░ ▒░▓ ░▒▒ ░ ░▓ ░ ▒▒▓ ▒
░ ░ ▒ ░░░ ░▒ ░ ░ ▒ ▒
░ ░ ░ ░ ░ ░ ░
░ ░ ░ ░ ░
░
▓█████ ▒██ ██▒ ██▓███ ██▓ ▒█████ ██▓▄▄▄█████▓▓█████ ██▀███
▓█ ▀ ▒▒ █ █ ▒░▓██░ ██▒▓██▒ ▒██▒ ██▒▓██▒▓ ██▒ ▓▒▓█ ▀ ▓██ ▒ ██▒
▒███ ░░ █ ░▓██░ ██▓▒▒██░ ▒██░ ██▒▒██▒▒ ▓██░ ▒░▒███ ▓██ ░▄█ ▒
▒▓█ ▄ ░ █ █ ▒ ▒██▄█▓▒ ▒▒██░ ▒██ ██░░██░░ ▓██▓ ░ ▒▓█ ▄ ▒██▀▀█▄
░▒████▒▒██▒ ▒██▒▒██▒ ░ ░░██████▒░ ████▓▒░░██░ ▒██▒ ░ ░▒████▒░██▓ ▒██▒
░░ ▒░ ░▒▒ ░ ░▓ ░▒▓▒░ ░ ░░ ▒░▓ ░░ ▒░▒░▒░ ░▓ ▒ ░░ ░░ ▒░ ░░ ▒▓ ░▒▓░
░ ░ ░░░ ░▒ ░░▒ ░ ░ ░ ▒ ░ ░ ▒ ▒░ ▒ ░ ░ ░ ░ ░ ░▒ ░ ▒░
░ ░ ░ ░░ ░ ░ ░ ░ ░ ▒ ▒ ░ ░ ░ ░░ ░
░ ░ ░ ░ ░ ░ ░ ░ ░ ░ ░ ░
BY: KimSchulz
Simple script to exploit the well-known privilege escalation via lxd/lxc.
The script can be used in multiple ways:
- With local lxd image using --image/-i [IMAGEFILE] option
- With remote lxd image using --url/-u [IMAGEURL] option
- With embedded lxd image by first embedding it using --arm/-a [IMAGEFILE] on attacker box and then run without args on victim box.
The user that runs the script during exploitation will have to be in the lxd group on linux in order for it to work.
You can arm the script with an image without being in the group.
The script is self-contained and only rely on python3(.5+). Just download it from here and arm it with your favorit lxd image (or use one of the other methods).
You will need an lxd image file. You can either use the provided one which is a simple Alpine image or you can roll your own via the LXD Alpine Builder.
There are really no special requirements for the image, but Alpine is small and works. It will add around 4mb in size if embedded in the script with the arm feature.
Feel free to send me any comments or ideas for this script. I will be happy to integrate pull-requests if you have some improvements.