perf(exp) #62: add recommend message for lxcfs-rw and `lxcfs-rw-cgr…

…oup`

pkg/evaluate/check_mount_escape.go

@@ -84,7 +84,7 @@ func MountEscape() {
 			}
 		}
 		if m.Device == "lxcfs" && strings.Contains(m.Flags,"rw"){
-			fmt.Println("Find mounted lxcfs with rw flags, run `cdk run lxcfs-rw` to escape container!")
+			fmt.Println("Find mounted lxcfs with rw flags, run `cdk run lxcfs-rw` or `cdk run lxcfs-rw-cgroup` to escape container!")
 			fmt.Printf("Device:%s Path:%s Filesystem:%s Flags:%s\n", m.Device, m.Path, m.Filesystem, m.Flags)
 		}
 	}

pkg/exploit/lxcfs_rw_cgroup.go

@@ -107,6 +107,7 @@ func ExploitLXCFSCgroup() bool {
 	}
 	if subSystemName = FindReleaseAgentSubSystem(); subSystemName == "" {
 		log.Printf("find release agent subsystem error")
+		log.Printf("you can try another way to exploit, recommend: `./cdk run lxcfs-rw")
 		return false
 	}
 

pkg/exploit/lxcfs_rw_mknod.go

@@ -141,15 +141,27 @@ func ExploitLXCFS() bool {
 			return false
 		}
 		log.Printf("exploit success, run \"debugfs -w host_dev\".")
+		if !CheckDebugfs() {
+			log.Printf("if debugfs can not used, may be you can try to run `./cdk run lxcfs-rw-cgroup 'shell-cmd-payloads`")
+		}
 		return true
 	}
 	return false
 }
 
+// CheckDebugfs check if debugfs is installed
+func CheckDebugfs() bool {
+	_, err := os.Stat("/usr/bin/debugfs")
+	if err != nil {
+		return false
+	}
+	return true
+}
+
 type lxcfsRWS struct{}
 
 func (l lxcfsRWS) Desc() string {
-	return "escape container by syscall mknod when root has LXCFS read & write privilege,  usage: `./cdk run lxcfs-rw-mknod`"
+	return "escape container by syscall mknod when root has LXCFS read & write privilege,  usage: `./cdk run lxcfs-rw`"
 }
 
 func (l lxcfsRWS) Run() bool {
@@ -158,5 +170,5 @@ func (l lxcfsRWS) Run() bool {
 
 func init() {
 	exploit := lxcfsRWS{}
-	plugin.RegisterExploit("lxcfs-rw-mknod", exploit)
+	plugin.RegisterExploit("lxcfs-rw", exploit)
 }