Next revision | Previous revision | ||
public:wipeliveserver [2019/03/13 16:58] – created Nico | public:wipeliveserver [2023/11/19 22:00] (current) – update code with final version Nico | ||
---|---|---|---|
Line 1: | Line 1: | ||
- | <note important> | + | ====== |
- | <pre> | + | <note important>WIP. Only tested on Debian 7.x</note> |
- | mkdir /tmp/ | + | |
- | mount -t tmpfs none / | + | |
- | mkdir / | + | |
- | mkdir -p / | + | |
- | mkdir -p / | + | |
- | mkdir -p / | + | |
- | #tmux | + | <code bash> |
- | cp -vrp / | + | #!/bin/bash |
- | cp -vrp / | + | |
- | cp -vrp / | + | |
- | cp -vrp / | + | |
- | cp -vrp /sbin/* / | + | |
- | cp -vrp /bin/* / | + | |
- | cp -vrp / | + | |
- | #cp -a /dev/zero /dev/random / | + | # script used to chroot/ |
- | cp -a / | + | # only tested with Debian 7.11 |
+ | # | ||
+ | # first copy and execute it: | ||
+ | # scp pivotroot.sh root@< | ||
+ | # ssh root@< | ||
+ | # | ||
+ | # you will then be able to connect again to it on port 666 (change it if you like) and do what you want | ||
+ | # | ||
+ | # note: bash is the default shell under debian so there will be bashisms (don't run it with Bourne shell) | ||
+ | # | ||
- | mount -t proc proc / | + | apt-get install |
- | mount --bind /dev/pts / | + | |
- | chmod g+w / | + | |
- | chmod a+x / | + | |
- | apt-get install -y dropbear | + | CHROOTDIR=' |
- | cp / | + | CHROOTPORT=666 |
- | #cp -vrp /etc/ | + | |
- | #cp -vrp /etc/passwd* | + | mkdir ${CHROOTDIR} |
- | cp -vrp /etc/* /tmp/tmproot/etc/ | + | mount -t tmpfs none ${CHROOTDIR} |
- | echo "" | + | |
- | echo " | + | mkdir ${CHROOTDIR}/{bin,sbin, |
+ | mkdir -p ${CHROOTDIR}/usr/bin | ||
+ | mkdir -p ${CHROOTDIR}/lib/x86_64-linux-gnu ${CHROOTDIR}/lib64 ${CHROOTDIR}/usr/share ${CHROOTDIR}/usr/lib/x86_64-linux-gnu ${CHROOTDIR}/var/run/screen | ||
+ | |||
+ | mount -t proc proc ${CHROOTDIR}/proc | ||
+ | mount --bind /dev ${CHROOTDIR}/dev | ||
+ | mount --bind | ||
mount --make-rprivate / # necessary for pivot_root to work | mount --make-rprivate / # necessary for pivot_root to work | ||
- | pivot_root / | ||
- | / | ||
- | ssh -p 666 root@host | + | cp -vrp / |
+ | cp -vrp / | ||
+ | cp -vrp / | ||
+ | cp -vrp / | ||
+ | cp -vrp /sbin/* ${CHROOTDIR}/ | ||
+ | cp -vrp /bin/* ${CHROOTDIR}/ | ||
+ | cp -vrp /usr/bin/id / | ||
+ | cp -vrp / | ||
+ | |||
+ | #cp -vrp / | ||
+ | #cp -vrp / | ||
+ | cp -vrp /etc/* ${CHROOTDIR}/ | ||
+ | |||
+ | chmod g+w ${CHROOTDIR}/ | ||
+ | |||
+ | echo "" | ||
+ | { | ||
+ | echo " | ||
+ | echo "alias halt=\" | ||
+ | echo "alias reboot=\" | ||
+ | } >> ${CHROOTDIR}/ | ||
+ | |||
+ | pivot_root ${CHROOTDIR} ${CHROOTDIR}/ | ||
+ | / | ||
- | tmux -s shred | + | echo |
- | # | + | echo " |
+ | echo "you can now connect with ssh -o StrictHostKeyChecking=no | ||
+ | echo "and finaly use reboot or halt commands (warning: they are not the real thing...)" | ||
+ | echo | ||
+ | echo "happy wiping!" | ||
+ | echo | ||
- | ssh -p 666 root@host | + | </code> |
- | #tmux a -t shred | + | |
- | #echo " | + | |
- | </pre> | + |
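Review bot: The hint printed near the end (`echo "you can now connect with ssh -o StrictHostKeyChecking=no …"`) tells the operator to log in with host-key verification switched off, so the first root login to the newly started SSH daemon on `CHROOTPORT` cannot detect an interposed server. I would print the daemon's host-key fingerprint just before that line, e.g. `dropbearkey -y -f <HOST_KEY_FILE>` (placeholder path; assumes the daemon is still dropbear, as in the old revision), and drop the option from the hint so the operator compares the fingerprint instead. Separately, as far as the visible lines show, nothing between `mount -t tmpfs none ${CHROOTDIR}` and `pivot_root` is checked, so a failed mount or pivot goes unnoticed and the script still prints the connect hint; `set -eu` near the top, or `|| exit 1` on those two lines, would stop it, and the `${CHROOTDIR}` expansions should be quoted. Several lines are cut off in this view, so the wording above should be checked against the full script.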