public:wipeliveserver [2019/03/14 11:01] – don't mess with host's files Nico | public:wipeliveserver [2023/11/19 22:00] (current) – update code with final version Nico | ||
---|---|---|---|
Line 3: | Line 3: | ||
<note important> | <note important> | ||
- | < | + | < |
- | mkdir /tmp/ | + | #!/bin/bash |
- | mount -t tmpfs none / | + | |
- | mkdir / | + | |
- | mkdir -p / | + | |
- | mkdir -p / | + | |
- | mkdir -p / | + | |
- | #tmux | + | # script used to chroot/pivot a live system on tmpfs in order to wipe it |
- | cp -vrp / | + | # only tested with Debian 7.11 |
- | cp -vrp / | + | # |
- | cp -vrp / | + | # first copy and execute it: |
- | cp -vrp / | + | # scp pivotroot.sh root@< |
- | cp -vrp / | + | # ssh root@< |
- | cp -vrp /bin/* / | + | # |
- | cp -vrp / | + | # you will then be able to connect again to it on port 666 (change it if you like) and do what you want |
+ | # | ||
+ | # note: bash is the default shell under debian so there will be bashisms (don't run it with Bourne shell) | ||
+ | # | ||
- | #cp -a /dev/zero /dev/random /dev/sda / | + | apt-get install |
- | cp -a /dev/* / | + | |
- | mount -t proc proc / | + | CHROOTDIR=' |
- | mount --bind /dev/pts / | + | CHROOTPORT=666 |
- | chmod g+w / | + | |
- | chmod a+x / | + | |
- | apt-get install -y dropbear | + | mkdir ${CHROOTDIR} |
- | cp /usr/ | + | mount -t tmpfs none ${CHROOTDIR} |
- | #cp -vrp /etc/ | + | |
- | #cp -vrp /etc/passwd* | + | mkdir ${CHROOTDIR}/{bin, |
- | cp -vrp /etc/* / | + | mkdir -p ${CHROOTDIR}/usr/bin |
- | echo "" | + | mkdir -p ${CHROOTDIR}/lib/x86_64-linux-gnu ${CHROOTDIR}/lib64 ${CHROOTDIR}/usr/share ${CHROOTDIR}/usr/lib/x86_64-linux-gnu ${CHROOTDIR}/var/run/screen |
- | echo " | + | |
+ | mount -t proc proc ${CHROOTDIR}/proc | ||
+ | mount --bind | ||
+ | mount --bind /dev/pts ${CHROOTDIR}/dev/pts | ||
mount --make-rprivate / # necessary for pivot_root to work | mount --make-rprivate / # necessary for pivot_root to work | ||
- | pivot_root / | ||
- | / | ||
- | ssh -p 666 root@host | + | cp -vrp / |
+ | cp -vrp / | ||
+ | cp -vrp / | ||
+ | cp -vrp / | ||
+ | cp -vrp /sbin/* ${CHROOTDIR}/ | ||
+ | cp -vrp /bin/* ${CHROOTDIR}/ | ||
+ | cp -vrp /usr/bin/id / | ||
+ | cp -vrp / | ||
+ | |||
+ | #cp -vrp / | ||
+ | #cp -vrp / | ||
+ | cp -vrp /etc/* ${CHROOTDIR}/ | ||
+ | |||
+ | chmod g+w ${CHROOTDIR}/ | ||
+ | |||
+ | echo "" | ||
+ | { | ||
+ | echo " | ||
+ | echo "alias halt=\" | ||
+ | echo "alias reboot=\" | ||
+ | } >> ${CHROOTDIR}/ | ||
+ | |||
+ | pivot_root ${CHROOTDIR} ${CHROOTDIR}/ | ||
+ | / | ||
- | tmux -s shred | + | echo |
- | # | + | echo " |
+ | echo "you can now connect with ssh -o StrictHostKeyChecking=no | ||
+ | echo "and finaly use reboot or halt commands (warning: they are not the real thing...)" | ||
+ | echo | ||
+ | echo "happy wiping!" | ||
+ | echo | ||
- | ssh -p 666 root@host | ||
- | #tmux a -t shred | ||
- | #echo " | ||
</ | </ |
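Review bot: Nothing visible on the new side stops the script when an early step fails, so if `mount -t tmpfs none ${CHROOTDIR}` does not succeed, the later `cp -vrp` calls write into a plain directory instead of the tmpfs and the script still runs on to `pivot_root` and the closing "happy wiping!" messages. I would abort at the point of failure and quote the expansion, e.g. `mount -t tmpfs none "${CHROOTDIR}" || exit 1`, with the same `|| exit 1` guard on the `pivot_root` line; the page truncates several lines, so disregard this if a `set -e` is hidden in one of them. Separately, the closing hint prints `ssh -o StrictHostKeyChecking=no` for a root login, which teaches the operator to skip host verification on the very connection used to wipe the machine. Printing the new listener's key fingerprint before that hint would let them confirm they reached the right host; if the listener is still dropbear, as on the old side, `dropbearkey -y -f <HOSTKEY_PATH>` does this.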