PORT=$RANDOM
echo $PORT
chmod +x busybox
./busybox mkdir -p old_root
./busybox mount -t tmpfs tmp tmp
./busybox mount -t proc proc proc
./busybox mount -t sysfs sys sys
./busybox mount -t devtmpfs devtmpfs dev
if ! ./busybox mount -t devpts devpts /dev/pts; then
./busybox mount -t tmpfs dev dev
./busybox cp -a /dev/* dev/
./busybox rm -rf dev/pts
./busybox mkdir dev/pts
fi
mkdir dev/pts
./busybox mount -t devpts devpts dev/pts
/usr/bin/passwd#cp -a /root/.ssh/ $TO/root/&&chroot $TO /bin/ash
/usr/bin/ssh-keygen -A
/usr/sbin/sshd -p $PORT
logout
./busybox mount --make-rprivate /
./busybox pivot_root . old_root
this part
and "reboot" let init re-excuting init
(aftre kill all of old_root process)
umount /old_root/dev/pts
umount /old_root/dev/shm
umount /old_root/dev
umount -l /old_root/proc
umount -l /old_root/sys
rm /dev/null
umount -l /old_root
mknod -m 666 /dev/null c 1 3
rpm --import https://www.elrepo.org/RPM-GPG-KEY-elrepo.org yum install https://www.elrepo.org/elrepo-release-6-9.el6.elrepo.noarch.rpm yum --enablerepo=elrepo-kernel install kernel-lt TO=/alpine yum install git swapoff -a mkdir $TO mount -t tmpfs tmpfs $TO git clone https://github.com/marcan/takeover.sh $TO cd $TO curl -L https://busybox.net/downloads/binaries/1.31.0-defconfig-multiarch-musl/busybox-x86_64 > busybox curl -L http://dl-cdn.alpinelinux.org/alpine/latest-stable/releases/x86_64/alpine-minirootfs-3.10.2-x86_64.tar.gz|gzip -dc|tar xv cp /etc/resolv.conf etc cp -a /lib/modules lib cp /etc/sysconfig/network-scripts/ifcfg-eth0 ./ sed -i 's/bin\/passwd/usr\/bin\/passwd/g' takeover.sh chroot . /bin/ash apk update&&apk add openssh-server shadow tmux bash alpine-sdk&&gcc /fakeinit.c -o /fakeinit&&apk del alpine-sdk echo PermitRootLogin yes >>/etc/ssh/sshd_config
exec part of init (cannot use telinit)
PORT=$RANDOM echo $PORT chmod +x busybox ./busybox mkdir -p old_root ./busybox mount -t tmpfs tmp tmp ./busybox mount -t proc proc proc ./busybox mount -t sysfs sys sys
./busybox mount -t devtmpfs devtmpfs dev
if ! ./busybox mount -t devpts devpts /dev/pts; then ./busybox mount -t tmpfs dev dev ./busybox cp -a /dev/* dev/ ./busybox rm -rf dev/pts ./busybox mkdir dev/pts fi mkdir dev/pts ./busybox mount -t devpts devpts dev/pts /usr/bin/passwd#cp -a /root/.ssh/ $TO/root/&&chroot $TO /bin/ash /usr/bin/ssh-keygen -A /usr/sbin/sshd -p $PORT logout
./busybox mount --make-rprivate / ./busybox pivot_root . old_root
this part and "reboot" let init re-excuting init (aftre kill all of old_root process) umount /old_root/dev/pts umount /old_root/dev/shm umount /old_root/dev umount -l /old_root/proc umount -l /old_root/sys rm /dev/null umount -l /old_root mknod -m 666 /dev/null c 1 3