Blog Post: https://reboare.github.io/lxd/lxd-esc...

01:28 - Begin of recon
02:20 - GoBuster
03:30 - admin.php discovered, finding the pw
04:50 - Getting Code Execution
07:45 - Finding out why Reverse Shells weren't working
09:45 - Getting a reverse shell by renaming nc
11:30 - Transfering files via nc
14:00 - Opening the wav file
16:25 - Using audiodiff to identify differences in sound
17:05 - The next step, why is the same song there twice?
19:25 - Importing files into Audacity and Inverting
22:25 - Attempting to exploit the process blacklist
24:25 - Unintended root LXC Background
28:30 - Creating an Alpine LXC
30:40 - Importing the image into lxc
32:00 - Creating the container
32:40 - Adding the host drive to container
34:20 - Starting the container and entering it
35:05 - Examining the Process Blacklist script
35:54 - Running through the exploit again on a Ubuntu Host