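#!/bin/bash
# deploy.sh — boot the buildroot QEMU VM if it is not running, copy the
# current directory into the VM, (re)load the kernel module there, write a
# ~/.gdbinit pointing GDB at the module's .text load address, and finally
# open a terminal with an SSH session into the VM.
#
# Host requirements: qemu-system-x86_64, sshpass, ssh, scp, pgrep, setsid,
# dbus-launch, gnome-terminal.
#
# Optional environment overrides:
#   VM_BOOT_TIMEOUT         seconds to wait for sshd in the VM (0 = forever)
#   GDB_AUTOLOAD_SAFE_PATH  value written to "set auto-load safe-path"

# Ignore HUP/INT/QUIT/PIPE/TERM and the EXIT trap so the script (and the QEMU
# it spawns) is not taken down by the controlling terminal going away.
# SIGKILL (9) from the original list is omitted: it can neither be caught nor
# ignored, so listing it had no effect.
trap "" 0 1 2 3 13 15
set -u

# User configuration
HOME_DIRECTORY="/home/spiderpig"
BUILDROOT_IMAGES_PATH="$HOME_DIRECTORY/workspace/buildroot/output/images"
VM_USERNAME="root"
VM_PASSWORD="root"
KERNEL_MODULE_NAME="kunkillable"
CWD=$(pwd)
PROJECT_NAME=$(basename -- "$CWD")
REMOTE_DIR="/root/$PROJECT_NAME"
SSH_PORT=5555
GDBINIT_PATH="$HOME_DIRECTORY/.gdbinit"
# How long wait_for_vm() polls before giving up; SIGINT is ignored above, so an
# unbounded loop could only be stopped with kill -9.
VM_BOOT_TIMEOUT="${VM_BOOT_TIMEOUT:-300}"
# "/" tells GDB to auto-load .gdbinit / *-gdb.py scripts from ANY directory on
# the host, which disables the protection against running untrusted scripts
# when debugging in a foreign tree. Narrow this to the directories that really
# need it (the buildroot/kernel tree) whenever possible.
GDB_AUTOLOAD_SAFE_PATH="${GDB_AUTOLOAD_SAFE_PATH:-/}"

# sshpass reads the password from SSHPASS when called with -e, which keeps it
# out of the process list (`ps`) and of shell traces (`set -x`).
export SSHPASS="$VM_PASSWORD"
# Options shared by every ssh/scp call. Host-key checking is relaxed because
# the peer is a local VM whose host key changes with every rootfs rebuild; the
# original script only relaxed it for the boot probe, so later calls could
# fail on a key mismatch that the probe had already tolerated.
SSH_OPTS=(-o StrictHostKeyChecking=no)

#######################################
# Print an error to stderr and exit with status 1.
# Arguments: message words
#######################################
die() {
  printf '[-] %s\n' "$*" >&2
  exit 1
}

#######################################
# Run a command in the VM over SSH.
# Globals:   SSH_PORT, SSH_OPTS, VM_USERNAME, SSHPASS
# Arguments: remote command (passed through to ssh)
# Returns:   ssh's exit status
#######################################
vm_ssh() {
  sshpass -e ssh -p "$SSH_PORT" "${SSH_OPTS[@]}" "$VM_USERNAME@localhost" "$@"
}

#######################################
# Copy a local directory recursively into the VM.
# Arguments: $1 - local directory, $2 - remote destination path
# Returns:   scp's exit status
#######################################
vm_scp_dir() {
  sshpass -e scp -P "$SSH_PORT" "${SSH_OPTS[@]}" -r "$1" "$VM_USERNAME@localhost:$2"
}

#######################################
# Start the QEMU VM from the buildroot images unless a qemu process exists.
# Globals:   BUILDROOT_IMAGES_PATH, SSH_PORT
# Side effects: changes the working directory to BUILDROOT_IMAGES_PATH
#######################################
start_qemu_if_needed() {
  cd "$BUILDROOT_IMAGES_PATH" || die "cannot cd to $BUILDROOT_IMAGES_PATH"
  # Matches any process whose name contains "qemu", so an unrelated VM (or
  # another user's) also counts as "already running".
  if pgrep "qemu" > /dev/null; then
    echo "[+] QEMU is already running, continuing"
    return 0
  fi
  [[ -f bzImage && -f rootfs.qcow2 ]] \
    || die "bzImage and/or rootfs.qcow2 missing in $BUILDROOT_IMAGES_PATH"
  echo "[+] running QEMU emulation"
  # -s opens the GDB stub on :1234; setsid detaches QEMU from this terminal.
  setsid qemu-system-x86_64 -enable-kvm -cpu host -s -kernel bzImage -m 2048 \
    -hda rootfs.qcow2 -append "root=/dev/sda rw nokaslr" -smp 4 \
    -net nic -net user,hostfwd=tcp::"$SSH_PORT"-:22 &
}

#######################################
# Poll the VM's forwarded SSH port until a login succeeds or the timeout hits.
# Globals:   VM_BOOT_TIMEOUT, SSH_PORT, SSH_OPTS, VM_USERNAME
#######################################
wait_for_vm() {
  local waited=0
  until sshpass -e ssh -p "$SSH_PORT" "${SSH_OPTS[@]}" -q "$VM_USERNAME@localhost" exit; do
    if (( VM_BOOT_TIMEOUT > 0 && waited >= VM_BOOT_TIMEOUT )); then
      die "VM not reachable on port $SSH_PORT after ${VM_BOOT_TIMEOUT}s"
    fi
    echo "[+] waiting for the VM to initialize"
    sleep 2
    waited=$((waited + 2))
  done
  echo "[+] VM: initialized"
}

#######################################
# Copy the project directory into the VM and (re)load the kernel module.
# Globals:   CWD, PROJECT_NAME, REMOTE_DIR, KERNEL_MODULE_NAME
#######################################
deploy_module() {
  local module_path="$REMOTE_DIR/$KERNEL_MODULE_NAME.ko"
  local remote_cmd
  # The remote directory is wiped before the copy. Refuse to run when the
  # project name degenerates (e.g. CWD="/" gives basename "/", which would turn
  # the rm -rf below into rm -rf /root//).
  [[ -n "$PROJECT_NAME" && "$PROJECT_NAME" != "/" && "$PROJECT_NAME" != "." ]] \
    || die "refusing to deploy from '$CWD': unusable remote directory name"
  echo "[+] moving kernel module $KERNEL_MODULE_NAME to the vm"
  # %q quotes the path for the remote shell so directory names with spaces
  # are not split into several rm operands.
  printf -v remote_cmd 'rm -rf %q' "$REMOTE_DIR"
  vm_ssh "$remote_cmd" || die "failed to remove $REMOTE_DIR on the VM"
  vm_scp_dir "$CWD" "$REMOTE_DIR" || die "failed to copy $CWD to the VM"
  echo "[+] unloading $KERNEL_MODULE_NAME from the kernel (if exists)"
  # rmmod fails when the module is not loaded yet; that is the expected
  # first-run case, so its status is deliberately ignored.
  printf -v remote_cmd 'rmmod %q' "$module_path"
  vm_ssh "$remote_cmd" || true
  echo "[+] loading $KERNEL_MODULE_NAME to the kernel"
  printf -v remote_cmd 'insmod %q' "$module_path"
  vm_ssh "$remote_cmd" || die "insmod $module_path failed on the VM"
}

#######################################
# Read the module's .text load address from the VM and write ~/.gdbinit.
# Globals:   KERNEL_MODULE_NAME, CWD, GDBINIT_PATH, GDB_AUTOLOAD_SAFE_PATH
#######################################
write_gdbinit() {
  local text_address
  echo "[+] retrieving $KERNEL_MODULE_NAME .text section"
  text_address=$(vm_ssh "cat /sys/module/$KERNEL_MODULE_NAME/sections/.text") \
    || die "could not read the .text address of $KERNEL_MODULE_NAME from the VM"
  [[ -n "$text_address" ]] || die "empty .text address for $KERNEL_MODULE_NAME"
  # Earlier revision also relocated .data/.bss; kept for reference:
  # data_address=$(vm_ssh cat /sys/module/$KERNEL_MODULE_NAME/sections/.data)
  # bss_address=$(vm_ssh cat /sys/module/$KERNEL_MODULE_NAME/sections/.bss)
  # add-symbol-file $KERNEL_MODULE_NAME.ko $text_address -s .data $data_address -s .bss $bss_address
  #
  # NOTE: this overwrites any existing ~/.gdbinit without backing it up.
  {
    printf 'set auto-load safe-path %s\n' "$GDB_AUTOLOAD_SAFE_PATH"
    printf 'add-symbol-file %s/%s.ko %s\n' "$CWD" "$KERNEL_MODULE_NAME" "$text_address"
    printf 'file %s/%s.ko\n' "$CWD" "$KERNEL_MODULE_NAME"
  } > "$GDBINIT_PATH" || die "cannot write $GDBINIT_PATH"
}

#######################################
# Open a gnome-terminal running an SSH session into the VM.
# Globals:   CWD, SSH_PORT, VM_USERNAME, SSHPASS
#######################################
open_vm_terminal() {
  echo "[+] launching SSH connection to the VM"
  # Kills every gnome-terminal of this user, not only one opened by a previous
  # run of this script.
  pkill gnome-terminal
  # The password is taken from the inherited SSHPASS variable instead of being
  # embedded in the command line; the original -e string also had unbalanced
  # quotes around the password that only worked because it contained no spaces.
  /usr/bin/dbus-launch /usr/bin/gnome-terminal --working-directory="$CWD" \
    -e "sshpass -e ssh -p $SSH_PORT $VM_USERNAME@localhost"
}

main() {
  command -v sshpass > /dev/null || die "sshpass is required but not installed"
  start_qemu_if_needed
  wait_for_vm
  deploy_module
  write_gdbinit
  open_vm_terminal
}

main "$@"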