public:wipeliveserver [2019/03/13 16:58] – created Nicopublic:wipeliveserver [2023/11/19 22:00] (current) – update code with final version Nico
Line 1: Line 1:
-<note important>WIP</note>Wipe a living server. Tested on Debian 7.x+====== Wipe/shred/nuke a living server ======
  
-<pre> +<note important>WIP. Only tested on Debian 7.x</note> 
-mkdir /tmp/tmproot +
-mount -t tmpfs none /tmp/tmproot +
-mkdir /tmp/tmproot/{bin,sbin,proc,sys,dev,run,usr,var,tmp,etc,root,oldroot} +
-mkdir -p /tmp/tmproot/usr/bin +
-mkdir -p /tmp/tmproot/dev/pts +
-mkdir -p /tmp/tmproot/lib/x86_64-linux-gnu /tmp/tmproot/lib64 /tmp/tmproot/usr/share /tmp/tmproot/usr/lib/x86_64-linux-gnu /tmp/tmproot/var/run/screen+
  
-#tmux +<code bash> 
-cp -vrp /usr/share/terminfo /tmp/tmproot/usr/share/ +#!/bin/bash
-cp -vrp /usr/lib/x86_64-linux-gnu/libevent* /tmp/tmproot/usr/lib/x86_64-linux-gnu/ +
-cp -vrp /lib/x86_64-linux-gnu/* /tmp/tmproot/lib/x86_64-linux-gnu/ +
-cp -vrp /lib64/ld-linux-x86-64.so.2 /tmp/tmproot/lib64/ +
-cp -vrp /sbin/* /tmp/tmproot/sbin/ +
-cp -vrp /bin/* /tmp/tmproot/bin/ +
-cp -vrp /usr/bin/shred /usr/bin/ldd /usr/bin/screen /usr/bin/tmux /tmp/tmproot/usr/bin/+
  
-#cp -/dev/zero /dev/random /dev/sda /tmp/tmproot/dev+script used to chroot/pivot live system on tmpfs in order to wipe it 
-cp -a /dev//tmp/tmproot/dev/+# only tested with Debian 7.11 
 +
 +# first copy and execute it: 
 +# scp pivotroot.sh root@<remote_host>:/tmp/ 
 +# ssh root@<remote_host> bash /tmp/pivotroot.sh 
 +
 +# you will then be able to connect again to it on port 666 (change it if you like) and do what you want 
 +
 +# note: bash is the default shell under debian so there will be bashisms (don't run it with Bourne shell) 
 +#
  
-mount -t proc proc /tmp/tmproot/proc +apt-get install -y dropbear screen tmux
-mount --bind /dev/pts /tmp/tmproot/dev/pts +
-chmod g+w /tmp/tmproot/run  +
-chmod a+x /tmp/tmproot/tmp+
  
-apt-get install -y dropbear +CHROOTDIR='/tmp/tmproot
-cp /usr/sbin/dropbear /tmp/tmproot/sbin/ +CHROOTPORT=666 
-#cp -vrp /etc/dropbear /tmp/tmproot/etc+ 
-#cp -vrp /etc/passwd* /etc/shadow* /etc/group* /etc/shells /tmp/tmproot/etc+mkdir ${CHROOTDIR} 
-cp -vrp /etc//tmp/tmproot/etc/ +mount -t tmpfs none ${CHROOTDIR} 
-echo "" > /root/.bash_history + 
-echo "TERM=xterm-16color" >>.profile+mkdir ${CHROOTDIR}/{bin,sbin,proc,sys,dev,run,usr,var,tmp,etc,root,oldroot} 
 +mkdir -p ${CHROOTDIR}/usr/bin 
 +mkdir -p ${CHROOTDIR}/lib/x86_64-linux-gnu ${CHROOTDIR}/lib64 ${CHROOTDIR}/usr/share ${CHROOTDIR}/usr/lib/x86_64-linux-gnu ${CHROOTDIR}/var/run/screen 
 + 
 +mount -t proc proc ${CHROOTDIR}/proc 
 +mount --bind /dev ${CHROOTDIR}/dev 
 +mount --bind /dev/pts ${CHROOTDIR}/dev/pts
 mount --make-rprivate / # necessary for pivot_root to work mount --make-rprivate / # necessary for pivot_root to work
-pivot_root /tmp/tmproot /tmp/tmproot/oldroot 
-/sbin/dropbear -p 666 
  
-ssh -p 666 root@host+cp -vrp /usr/share/terminfo ${CHROOTDIR}/usr/share/ 
 +cp -vrp /usr/lib/x86_64-linux-gnu/libevent* ${CHROOTDIR}/usr/lib/x86_64-linux-gnu/ 
 +cp -vrp /lib/x86_64-linux-gnu/* ${CHROOTDIR}/lib/x86_64-linux-gnu/ 
 +cp -vrp /lib64/ld-linux-x86-64.so.2 ${CHROOTDIR}/lib64/ 
 +cp -vrp /sbin/* ${CHROOTDIR}/sbin/ 
 +cp -vrp /bin/* ${CHROOTDIR}/bin/ 
 +cp -vrp /usr/bin/id /usr/bin/shred /usr/bin/ldd /usr/bin/screen /usr/bin/tmux ${CHROOTDIR}/usr/bin/ 
 +cp -vrp /usr/sbin/dropbear ${CHROOTDIR}/sbin/ 
 + 
 +#cp -vrp /etc/passwd* /etc/shadow* /etc/group* /etc/shells ${CHROOTDIR}/etc/ 
 +#cp -vrp /etc/dropbear ${CHROOTDIR}/etc/ 
 +cp -vrp /etc/* ${CHROOTDIR}/etc/ 
 + 
 +chmod g+w ${CHROOTDIR}/run  
 + 
 +echo "" > ${CHROOTDIR}/root/.bash_history 
 +
 +  echo "TERM=xterm-16color" #necessary for tmux/screen to work 
 +  echo "alias halt=\"echo 'o' > /proc/sysrq-trigger\""  
 +  echo "alias reboot=\"echo 'b' > /proc/sysrq-trigger\""  
 +} >> ${CHROOTDIR}/root/.profile  
 + 
 +pivot_root ${CHROOTDIR} ${CHROOTDIR}/oldroot 
 +/sbin/dropbear -p ${CHROOTPORT}
  
-tmux -s shred +echo 
-#shred --/dev/sda+echo "system pivot-rooted." 
 +echo "you can now connect with ssh -o StrictHostKeyChecking=no -o UserKnownHostsFile=/dev/null -p ${CHROOTPORT} root@$(hostname), launch screen/tmux and shred" 
 +echo "and finaly use reboot or halt commands (warning: they are not the real thing...)" 
 +echo 
 +echo "happy wiping!" 
 +echo
  
-ssh -p 666 root@host +</code>
-#tmux a -t shred +
-#echo "o" > /proc/sysrq-trigger +
-</pre>+
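Review bot: The new script has no error handling, so the closing banner at `echo "system pivot-rooted."` is printed even when `mount -t tmpfs`, one of the `cp` steps or `pivot_root` itself has failed, and the operator is sent on to the shred step from a state that was never checked. Adding `set -euo pipefail` directly under `#!/bin/bash` and quoting the expansions as `"${CHROOTDIR}"` would stop the run at the first failed step; the plain `mkdir ${CHROOTDIR}` would then also abort a second run instead of mounting another tmpfs on top of the first. Separately, the printed ssh command switches host-key verification off (`-o StrictHostKeyChecking=no -o UserKnownHostsFile=/dev/null`) for a root login; since `cp -vrp /etc/* ${CHROOTDIR}/etc/` presumably carries dropbear's host keys across, the script could print the key fingerprint before `pivot_root` so that it can be compared on the first connection.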