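#!/bin/bash
# Script used to chroot/pivot a live system onto a tmpfs in order to wipe it.
# Only tested with Debian 7.11.
#
# First copy and execute it (<host> is a placeholder for the target machine):
#   scp pivotroot.sh root@<host>:/tmp/
#   ssh root@<host> bash /tmp/pivotroot.sh
#
# You will then be able to connect again to it on port 666 (change it if you
# like) and do what you want.
#
# Note: bash is the default shell under Debian so there will be bashisms
# (don't run it with Bourne shell).
#
# Review notes:
#  * Every step before pivot_root is now fatal on error. Pivoting into a
#    half-populated tmpfs (failed apt-get, full tmpfs, missing dropbear)
#    would leave a remote machine with no way back in.
#  * CHROOTDIR is a fixed name under /tmp. The script refuses to reuse an
#    existing path, so a directory or symlink planted there beforehand by a
#    local user cannot redirect the tmpfs mount.
#  * All of /etc is copied, which includes the password/shadow files and the
#    dropbear host keys. They live only in the tmpfs (memory/swap backed).
#  * The final hint tells the operator to disable SSH host key checking for a
#    root login. The dropbear host key fingerprints are printed as well, so
#    the key can still be compared by hand on first connect.

set -euo pipefail

readonly CHROOTDIR='/tmp/tmproot'
readonly CHROOTPORT=666

# Print a message on stderr and stop.
die() {
  printf 'pivotroot: %s\n' "$*" >&2
  exit 1
}

trap 'printf "pivotroot: command failed near line %s, aborting\n" "${LINENO}" >&2' ERR

[[ "${EUID}" -eq 0 ]] || die "must be run as root"

apt-get install -y dropbear screen tmux

# No -p on purpose: mkdir must fail if the path already exists (see notes).
mkdir -- "${CHROOTDIR}" \
  || die "${CHROOTDIR} already exists; remove it (after unmounting) and retry"
# mode=0755: a tmpfs root defaults to 1777, and this directory becomes "/".
mount -t tmpfs -o mode=0755 none "${CHROOTDIR}"

mkdir "${CHROOTDIR}"/{bin,sbin,proc,sys,dev,run,usr,var,tmp,etc,root,oldroot}
mkdir -p "${CHROOTDIR}/usr/bin"
mkdir -p \
  "${CHROOTDIR}/lib/x86_64-linux-gnu" \
  "${CHROOTDIR}/lib64" \
  "${CHROOTDIR}/usr/share" \
  "${CHROOTDIR}/usr/lib/x86_64-linux-gnu" \
  "${CHROOTDIR}/var/run/screen"

mount -t proc proc "${CHROOTDIR}/proc"
mount --bind /dev "${CHROOTDIR}/dev"
mount --bind /dev/pts "${CHROOTDIR}/dev/pts"
mount --make-rprivate / # necessary for pivot_root to work

# Populate the new root with the binaries and libraries needed to log in,
# run screen/tmux and shred the old disks.
cp -vrp /usr/share/terminfo "${CHROOTDIR}/usr/share/"
cp -vrp /usr/lib/x86_64-linux-gnu/libevent* "${CHROOTDIR}/usr/lib/x86_64-linux-gnu/"
cp -vrp /lib/x86_64-linux-gnu/* "${CHROOTDIR}/lib/x86_64-linux-gnu/"
cp -vrp /lib64/ld-linux-x86-64.so.2 "${CHROOTDIR}/lib64/"
cp -vrp /sbin/* "${CHROOTDIR}/sbin/"
cp -vrp /bin/* "${CHROOTDIR}/bin/"
cp -vrp /usr/bin/id /usr/bin/shred /usr/bin/ldd /usr/bin/screen /usr/bin/tmux \
  "${CHROOTDIR}/usr/bin/"
cp -vrp /usr/sbin/dropbear "${CHROOTDIR}/sbin/"
#cp -vrp /etc/passwd* /etc/shadow* /etc/group* /etc/shells ${CHROOTDIR}/etc/
#cp -vrp /etc/dropbear ${CHROOTDIR}/etc/
cp -vrp /etc/* "${CHROOTDIR}/etc/"

chmod g+w "${CHROOTDIR}/run"

echo "" > "${CHROOTDIR}/root/.bash_history"
{
  echo "TERM=xterm-16color" #necessary for tmux/screen to work
  echo "alias halt=\"echo 'o' > /proc/sysrq-trigger\""
  echo "alias reboot=\"echo 'b' > /proc/sysrq-trigger\""
} >> "${CHROOTDIR}/root/.profile"

# Collect the host key fingerprints while dropbearkey is still reachable
# (it is not copied into the new root). Best effort: missing tool or keys
# simply yields no fingerprint output.
host_key_info=''
if command -v dropbearkey > /dev/null 2>&1; then
  for key_file in "${CHROOTDIR}"/etc/dropbear/*_host_key; do
    [[ -f "${key_file}" ]] || continue
    host_key_info+="$(dropbearkey -y -f "${key_file}" 2> /dev/null \
      | grep -i '^Fingerprint' || true)"$'\n'
  done
fi

[[ -x "${CHROOTDIR}/sbin/dropbear" ]] \
  || die "dropbear missing from the new root, refusing to pivot"

pivot_root "${CHROOTDIR}" "${CHROOTDIR}/oldroot" \
  || die "pivot_root failed, the system is still on its original root"

/sbin/dropbear -p "${CHROOTPORT}" \
  || die "dropbear failed to start on port ${CHROOTPORT}; do not close this session"

echo
echo "system pivot-rooted."
echo "you can now connect with ssh -o StrictHostKeyChecking=no -o UserKnownHostsFile=/dev/null -p ${CHROOTPORT} root@$(hostname), launch screen/tmux and shred"
echo "and finaly use reboot or halt commands (warning: they are not the real thing...)"
if [[ -n "${host_key_info//$'\n'/}" ]]; then
  echo
  echo "dropbear host key fingerprint(s), compare them on first connect:"
  printf '%s' "${host_key_info}"
fi
echo
echo "happy wiping!"
echo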