Linux ip-172-26-7-228 5.4.0-1103-aws #111~18.04.1-Ubuntu SMP Tue May 23 20:04:10 UTC 2023 x86_64
Apache
: 172.26.7.228 | : 52.14.7.53
Cant Read [ /etc/named.conf ]
5.6.40-24+ubuntu18.04.1+deb.sury.org+1
www-data
Code Editor : cryptroot-unlock
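#!/bin/busybox ash

# Remotely unlock encrypted volumes.
#
# Copyright © 2015-2017 Guilhem Moulin <guilhem@debian.org>
#
# This program is free software: you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation, either version 2 of the License, or
# (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program.  If not, see <http://www.gnu.org/licenses/>.

set -ue
PATH=/sbin:/bin

# Seconds to wait for the askpass prompt / the cryptsetup answer.
TIMEOUT=10
PASSFIFO=/lib/cryptsetup/passfifo
ASKPASS=/lib/cryptsetup/askpass
UNLOCK_ALL=n

# The list of configured devices to unlock.
# TODO refactor: this code should be shared with the cryptroot boot script
if grep -qE '^(.*\s)?cryptopts=' /proc/cmdline; then
    CRYPTDEVS=$(tr ' ' '\n' </proc/cmdline | sed -nr 's/^cryptopts=(.*,)?target=([^[:blank:],]+)(,.*)?$/\2/p')
else
    CRYPTDEVS=$(sed -nr 's/^(.*,)?target=([^[:blank:],]+)(,.*)?$/\2/p' /conf/conf.d/cryptroot)
fi


# Print the PID of the first process listed by ps whose command (5th
# column) is exactly $exe.  Nothing is printed if there is no match.
pgrep_exe() {
    local exe="$1" pid cmd
    # read -r into named fields instead of `set $LINE`: no backslash
    # processing, no globbing of the ps output, and a line with an empty
    # command column is skipped rather than tripping `set -u`.
    ps | awk '{print $1, $5}' | while read -r pid cmd; do
        if [ "$cmd" = "$exe" ]; then
            echo "$pid"
            break
        fi
    done
}

# Return 0 if $pid has a file descriptor pointing to $name, and 1
# otherwise.
in_fds() {
    local pid="$1" name="$2" fd
    for fd in $(find "/proc/$pid/fd" -type l); do
        [ "$(readlink -f "$fd")" != "$name" ] || return 0
    done
    return 1
}

# Print the PID of the askpass process with a file descriptor opened to
# /lib/cryptsetup/passfifo.  Return 1 if there is no such process.
get_askpass_pid() {
    local pid
    for pid in $(pgrep_exe "$ASKPASS"); do
        if in_fds "$pid" "$PASSFIFO"; then
            echo "$pid"
            return 0
        fi
    done
    return 1
}

# Print the number of configured crypt devices that have not been unlocked yet.
count_locked_devices() {
    local dev n=0
    for dev in $CRYPTDEVS; do
        [ -b "/dev/mapper/$dev" ] || n=$(( $n + 1 ))
    done
    echo "$n"
}

# Return 0 if the $target is in $CRYPTDEVS, and 1 otherwise.
is_device_known() {
    local dev target="$1"
    for dev in $CRYPTDEVS; do
        [ "$dev" != "$target" ] || return 0
    done
    return 1
}

# Wait for askpass, then set $PID (resp. $BIRTH) to the PID (resp.
# birth date) of the cryptsetup process with same $CRYPTTAB_NAME.
# Exits 0 once every configured device is unlocked, and exits 1 on
# timeout or when the prompt belongs to a device not in $CRYPTDEVS.
wait_for_prompt() {
    local pid timer num_locked_devices=-1 n line

    # wait for the fifo
    while :; do
        n=$(count_locked_devices)
        if [ $n -eq 0 ]; then
            # all configured devices have been unlocked, we're done
            exit 0
        elif [ $num_locked_devices -lt 0 ] || [ $n -lt $num_locked_devices ]; then
            # reset $timer if a device was unlocked (for instance using
            # a keyscript) while we were waiting
            timer=$(( 10 * $TIMEOUT ))
        fi
        num_locked_devices=$n

        if pid=$(get_askpass_pid) && [ -p "$PASSFIFO" ]; then
            break
        fi

        sleep 0.1
        timer=$(( $timer - 1 ))
        if [ $timer -le 0 ]; then
            echo "Error: Timeout reached while waiting for askpass." >&2
            exit 1
        fi
    done

    # Import CRYPTTAB_NAME, CRYPTTAB_TRIED and CRYPTTAB_SOURCE from the
    # askpass environment.  The values are assigned verbatim rather than
    # passed through eval, so whitespace or shell metacharacters in a
    # value can neither split the assignment nor be executed as code.
    # The here-document keeps the loop in the current shell, so the
    # assignments survive it.
    while IFS= read -r line; do
        case "$line" in
            CRYPTTAB_NAME=*)   CRYPTTAB_NAME="${line#CRYPTTAB_NAME=}" ;;
            CRYPTTAB_TRIED=*)  CRYPTTAB_TRIED="${line#CRYPTTAB_TRIED=}" ;;
            CRYPTTAB_SOURCE=*) CRYPTTAB_SOURCE="${line#CRYPTTAB_SOURCE=}" ;;
        esac
    done <<ENVIRON
$(tr '\0' '\n' < "/proc/$pid/environ")
ENVIRON

    # Never hand a passphrase to a prompt for a device that is not in the
    # configured list.
    if ! is_device_known "$CRYPTTAB_NAME"; then
        echo "Error: Refusing to process unknown device $CRYPTTAB_NAME" >&2
        exit 1
    fi

    # find the cryptsetup process with same $CRYPTTAB_NAME
    for pid in $(pgrep_exe '/sbin/cryptsetup'); do
        if tr '\0' '\n' < "/proc/$pid/environ" | grep -Fxq "CRYPTTAB_NAME=$CRYPTTAB_NAME"; then
            PID=$pid
            BIRTH=$(stat -c'%Z' "/proc/$PID")
            return 0;
        fi
    done

    # NOTE(review): no matching cryptsetup process was found, so PID and
    # BIRTH are left empty; wait_for_answer then appears to have nothing to
    # watch and to end only through its timeout -- confirm this is intended.
    PID=
    BIRTH=
}

# Wait until $PID no longer exists or has a birth date greater than
# $BIRTH (ie was reallocated).  If /dev/mapper/$CRYPTTAB_NAME then
# exists, return 0 when $UNLOCK_ALL is "y" and exit 0 otherwise.  Exit 1
# if the maximum number of tries was exceeded or the timeout was reached.
# Otherwise (if the unlocking failed), return with value 1.
wait_for_answer() {
    local timer=$(( 10 * $TIMEOUT ))
    until [ ! -d "/proc/$PID" ] || [ $(stat -c'%Z' "/proc/$PID") -gt $BIRTH ]; do
        sleep 0.1
        timer=$(( $timer - 1 ))
        if [ $timer -le 0 ]; then
            echo "Error: Timeout reached while waiting for PID $PID." >&2
            exit 1
        fi
    done

    if [ -b "/dev/mapper/$CRYPTTAB_NAME" ]; then
        echo "cryptsetup: $CRYPTTAB_NAME set up successfully" >&2
        [ "$UNLOCK_ALL" = y ] && return 0 || exit 0
    elif [ $CRYPTTAB_TRIED -ge 2 ]; then
        echo "cryptsetup: maximum number of tries exceeded for $CRYPTTAB_NAME" >&2
        exit 1
    else
        echo "cryptsetup: cryptsetup failed, bad password or options?" >&2
        return 1
    fi
}


if [ -t 0 ] && [ -x "$ASKPASS" ]; then
    # interactive mode on a TTY: keep trying until all configured devices have
    # been unlocked or the maximum number of tries exceeded
    UNLOCK_ALL=y
    while :; do
        # note: if the script is not killed before pivot_root it should
        # exit on its own once $TIMEOUT is reached
        wait_for_prompt
        diskname="$CRYPTTAB_NAME"
        [ "${CRYPTTAB_SOURCE#/dev/disk/by-uuid/}" != "$CRYPTTAB_SOURCE" ] || diskname="$diskname ($CRYPTTAB_SOURCE)"
        # -s keeps the passphrase off the terminal; printf '%s' writes it
        # to the fifo without a trailing newline.
        read -rs -p "Please unlock disk $diskname: "; echo
        printf '%s' "$REPLY" >"$PASSFIFO"
        wait_for_answer || true
    done
else
    # non-interactive mode: slurp the passphrase from stdin and exit
    wait_for_prompt
    diskname="$CRYPTTAB_NAME"
    # TODO: refactor $CRYPTTAB_NAME/$CRYPTTAB_SOURCE to prompt mapping
    [ "${CRYPTTAB_SOURCE#/dev/disk/by-uuid/}" != "$CRYPTTAB_SOURCE" ] || diskname="$diskname ($CRYPTTAB_SOURCE)"
    echo "Please unlock disk $diskname"
    cat >"$PASSFIFO"
    wait_for_answer || exit 1
fi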