forked from marcan/takeover.sh
/
takeover.sh
executable file
·88 lines (66 loc) · 2.07 KB
/
takeover.sh
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
#!/bin/sh
set -e
TO=/takeover
OLD_TELINIT=/sbin/telinit
PORT=80
cd "$TO"
if [ ! -e fakeinit ]; then
./busybox echo "Please compile fakeinit.c first"
exit 1
fi
./busybox echo "Please set a root password for sshd"
./busybox chroot . /bin/passwd
./busybox echo "Setting up target filesystem..."
./busybox rm -f etc/mtab
./busybox ln -s /proc/mounts etc/mtab
./busybox mkdir -p old_root
./busybox echo "Mounting pseudo-filesystems..."
./busybox mount -t tmpfs tmp tmp
./busybox mount -t proc proc proc
./busybox mount -t sysfs sys sys
if ! ./busybox mount -t devtmpfs dev dev; then
./busybox mount -t tmpfs dev dev
./busybox cp -a /dev/* dev/
./busybox rm -rf dev/pts
./busybox mkdir dev/pts
fi
./busybox mount -t devpts devpts dev/pts
TTY="$(./busybox tty)"
./busybox echo "Checking and switching TTY..."
exec <"$TO/$TTY" >"$TO/$TTY" 2>"$TO/$TTY"
./busybox echo "Type 'OK' to continue"
./busybox echo -n "> "
read a
if [ "$a" != "OK" ] ; then
exit 1
fi
./busybox echo "Preparing init..."
./busybox cp $OLD_TELINIT tmp/telinit
./busybox cat >tmp/init <<EOF
#!${TO}/busybox sh
exec <"${TO}/${TTY}" >"${TO}/${TTY}" 2>"${TO}/${TTY}"
cd "${TO}"
./busybox echo "Init takeover successful"
./busybox echo "Pivoting root..."
./busybox pivot_root . old_root
./busybox echo "Chrooting and running init..."
exec ./busybox chroot . /fakeinit
EOF
./busybox chmod +x tmp/init
./busybox echo "Starting secondary sshd"
./busybox chroot . /usr/bin/ssh-keygen -A
./busybox chroot . /usr/sbin/sshd -p $PORT
./busybox echo "You should SSH into the secondary sshd now."
./busybox echo "Type OK to continue"
./busybox echo -n "> "
read a
if [ "$a" != "OK" ] ; then
exit 1
fi
./busybox echo "About to take over init. This script will now pause for a few seconds."
./busybox echo "If the takeover was successful, you will see output from the new init."
./busybox echo "You may then kill the remnants of this session and any remaining"
./busybox echo "processes from your new SSH session, and umount the old root filesystem."
./busybox mount --bind tmp /sbin
./tmp/telinit u
./busybox sleep 10