scripts/pivotroot.sh

#!/bin/bash

# script used to chroot/pivot a live system on tmpfs in order to wipe it
# only tested with Debian 7.11
#
# first copy and execute it:
# scp pivotroot.sh root@<remote_host>:/tmp/
# ssh root@<remote_host> bash /tmp/pivotroot.sh
#
# you will then be able to connect again to it on port 666 (change it if you like) and do what you want
#
# note: bash is the default shell under debian so there will be bashisms (don't run it with Bourne shell)
#

apt-get install -y dropbear screen tmux

CHROOTDIR='/tmp/tmproot'
CHROOTPORT=666

mkdir ${CHROOTDIR}
mount -t tmpfs none ${CHROOTDIR}

mkdir ${CHROOTDIR}/{bin,sbin,proc,sys,dev,run,usr,var,tmp,etc,root,oldroot}
mkdir -p ${CHROOTDIR}/usr/bin
mkdir -p ${CHROOTDIR}/lib/x86_64-linux-gnu ${CHROOTDIR}/lib64 ${CHROOTDIR}/usr/share ${CHROOTDIR}/usr/lib/x86_64-linux-gnu ${CHROOTDIR}/var/run/screen

mount -t proc proc ${CHROOTDIR}/proc
mount --bind /dev ${CHROOTDIR}/dev
mount --bind /dev/pts ${CHROOTDIR}/dev/pts
mount --make-rprivate / # necessary for pivot_root to work

cp -vrp /usr/share/terminfo ${CHROOTDIR}/usr/share/
cp -vrp /usr/lib/x86_64-linux-gnu/libevent* ${CHROOTDIR}/usr/lib/x86_64-linux-gnu/
cp -vrp /lib/x86_64-linux-gnu/* ${CHROOTDIR}/lib/x86_64-linux-gnu/
cp -vrp /lib64/ld-linux-x86-64.so.2 ${CHROOTDIR}/lib64/
cp -vrp /sbin/* ${CHROOTDIR}/sbin/
cp -vrp /bin/* ${CHROOTDIR}/bin/
cp -vrp /usr/bin/id /usr/bin/shred /usr/bin/ldd /usr/bin/screen /usr/bin/tmux ${CHROOTDIR}/usr/bin/
cp -vrp /usr/sbin/dropbear ${CHROOTDIR}/sbin/

#cp -vrp /etc/passwd* /etc/shadow* /etc/group* /etc/shells ${CHROOTDIR}/etc/
#cp -vrp /etc/dropbear ${CHROOTDIR}/etc/
cp -vrp /etc/* ${CHROOTDIR}/etc/

chmod g+w ${CHROOTDIR}/run 

echo "" > ${CHROOTDIR}/root/.bash_history
{
  echo "TERM=xterm-16color" #necessary for tmux/screen to work
  echo "alias halt=\"echo 'o' > /proc/sysrq-trigger\"" 
  echo "alias reboot=\"echo 'b' > /proc/sysrq-trigger\"" 
} >> ${CHROOTDIR}/root/.profile 

pivot_root ${CHROOTDIR} ${CHROOTDIR}/oldroot
/sbin/dropbear -p ${CHROOTPORT}

echo
echo "system pivot-rooted."
echo "you can now connect with ssh -o StrictHostKeyChecking=no -o UserKnownHostsFile=/dev/null -p ${CHROOTPORT} root@$(hostname), launch screen/tmux and shred"
echo "and finaly use reboot or halt commands (warning: they are not the real thing...)"
echo
echo "happy wiping!"
echo
pivotroot.sh to wipe a remote debian machine 2019-03-14 17:18:30 +01:00			`#!/bin/bash`

			`# script used to chroot/pivot a live system on tmpfs in order to wipe it`
			`# only tested with Debian 7.11`
			`#`
			`# first copy and execute it:`
			`# scp pivotroot.sh root@<remote_host>:/tmp/`
			`# ssh root@<remote_host> bash /tmp/pivotroot.sh`
			`#`
			`# you will then be able to connect again to it on port 666 (change it if you like) and do what you want`
			`#`
			`# note: bash is the default shell under debian so there will be bashisms (don't run it with Bourne shell)`
			`#`

			`apt-get install -y dropbear screen tmux`

			`CHROOTDIR='/tmp/tmproot'`
			`CHROOTPORT=666`

			`mkdir ${CHROOTDIR}`
			`mount -t tmpfs none ${CHROOTDIR}`

			`mkdir ${CHROOTDIR}/{bin,sbin,proc,sys,dev,run,usr,var,tmp,etc,root,oldroot}`
			`mkdir -p ${CHROOTDIR}/usr/bin`
			`mkdir -p ${CHROOTDIR}/lib/x86_64-linux-gnu ${CHROOTDIR}/lib64 ${CHROOTDIR}/usr/share ${CHROOTDIR}/usr/lib/x86_64-linux-gnu ${CHROOTDIR}/var/run/screen`

			`mount -t proc proc ${CHROOTDIR}/proc`
			`mount --bind /dev ${CHROOTDIR}/dev`
			`mount --bind /dev/pts ${CHROOTDIR}/dev/pts`
			`mount --make-rprivate / # necessary for pivot_root to work`

			`cp -vrp /usr/share/terminfo ${CHROOTDIR}/usr/share/`
			`cp -vrp /usr/lib/x86_64-linux-gnu/libevent* ${CHROOTDIR}/usr/lib/x86_64-linux-gnu/`
			`cp -vrp /lib/x86_64-linux-gnu/* ${CHROOTDIR}/lib/x86_64-linux-gnu/`
			`cp -vrp /lib64/ld-linux-x86-64.so.2 ${CHROOTDIR}/lib64/`
			`cp -vrp /sbin/* ${CHROOTDIR}/sbin/`
			`cp -vrp /bin/* ${CHROOTDIR}/bin/`
			`cp -vrp /usr/bin/id /usr/bin/shred /usr/bin/ldd /usr/bin/screen /usr/bin/tmux ${CHROOTDIR}/usr/bin/`
			`cp -vrp /usr/sbin/dropbear ${CHROOTDIR}/sbin/`

			`#cp -vrp /etc/passwd* /etc/shadow* /etc/group* /etc/shells ${CHROOTDIR}/etc/`
			`#cp -vrp /etc/dropbear ${CHROOTDIR}/etc/`
			`cp -vrp /etc/* ${CHROOTDIR}/etc/`

			`chmod g+w ${CHROOTDIR}/run`

			`echo "" > ${CHROOTDIR}/root/.bash_history`
shellcheck fixes (#2) 2023-08-10 21:47:21 +02:00			`{`
			`echo "TERM=xterm-16color" #necessary for tmux/screen to work`
			`echo "alias halt=\"echo 'o' > /proc/sysrq-trigger\""`
			`echo "alias reboot=\"echo 'b' > /proc/sysrq-trigger\""`
			`} >> ${CHROOTDIR}/root/.profile`
pivotroot.sh to wipe a remote debian machine 2019-03-14 17:18:30 +01:00
			`pivot_root ${CHROOTDIR} ${CHROOTDIR}/oldroot`
			`/sbin/dropbear -p ${CHROOTPORT}`

			`echo`
			`echo "system pivot-rooted."`
shellcheck fixes (#2) 2023-08-10 21:47:21 +02:00			`echo "you can now connect with ssh -o StrictHostKeyChecking=no -o UserKnownHostsFile=/dev/null -p ${CHROOTPORT} root@$(hostname), launch screen/tmux and shred"`
pivotroot.sh to wipe a remote debian machine 2019-03-14 17:18:30 +01:00			`echo "and finaly use reboot or halt commands (warning: they are not the real thing...)"`
			`echo`
			`echo "happy wiping!"`
			`echo`