create an isolated mongo shell with chroot
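# Recipe: run the legacy `mongo` shell inside a chroot as an unprivileged
# user, with the shell's file, process and connection helpers stubbed out.
# These are steps to adapt and run by hand, not an unattended script: the cp
# line below is a placeholder.

# Root of the chroot tree (placeholder path; adjust before use).
chroot_dir=/path/to/root/of/chroot

# Check dependencies: split the ldd output into words, keep the ones that are
# filesystem paths (drop "=>" and the "(0x...)" load addresses) and list them.
# ls -l also shows which entries are symlinks.
# ldd can execute the inspected program on some systems, so only point it at
# binaries you trust.
ldd /usr/bin/mongo \
  | tr -s '[:space:]' '\n' \
  | grep / \
  | grep -v -e = -e 0x \
  | xargs ls -l

# Manually copy the library dependencies shown above into the chroot tree.
# The command further down runs /usr/bin/mongo *inside* the new root, so the
# binary and its libraries must sit at the same paths below "$chroot_dir" as
# they do on the host. Keep the tree owned by root and not writable by the
# mongoshell account.
cp xxxxx yyyyy... "$chroot_dir"

# Create a user without a home directory (-M) and without a login shell.
sudo useradd -M -s /bin/false mongoshell

# JavaScript evaluated by the mongo shell before the interactive prompt opens.
# It replaces each listed global with a stub that returns a "disabled" message
# and throws a TypeError when called with `new`.
# The heredoc delimiter is quoted so the shell passes the text through
# verbatim, including the '\n' escapes that JavaScript interprets.
disable_js=$(cat <<'EOF'
(function(global) {
  ['Mongo', 'connect', 'load', 'getHostName', 'removeFile', 'copyFile', 'writeFile', 'listFiles', 'ls', 'pwd', 'cd', 'cat', 'hostname', 'md5sumFile', 'mkdir', 'getMemInfo', '_replMonitorStats', '_setShellFailPoint', 'interpreterVersion', 'getBuildInfo', 'computeSHA256Block', 'convertShardKeyToHashed', 'fileExists', 'benchRun', 'benchRunSync', 'benchStart', 'benchFinish', '_startMongoProgram', 'runProgram', 'run', '_runMongoProgram', '_stopMongoProgram', 'stopMongoProgramByPid', 'rawMongoProgramOutput', 'clearRawMongoProgramOutput', 'waitProgram', 'checkProgram', 'resetDbpath', 'pathExists', 'copyDbpath'].forEach((method) => {
    global[method] = function QQQ() {
      if (this instanceof QQQ) {
        // Declared locally: the original assigned to undeclared names, which
        // created globals visible in the user's session.
        const err = new TypeError(method + ' is not a constructor');
        const frames = err.stack.split('\n');
        frames.splice(0, 1);
        err.stack = frames.join('\n');
        throw err;
      }
      return (method + ' is disabled in Chembase Web Shell');
    };
    global[method].__proto__ = hex_md5.__proto__;
    global[method].toString = () => '[native method]';
  });
})(this);
EOF
)

# chroot into the tree, drop to mongoshell via --userspec, and start the shell
# with the stubs installed.
#
# The stubs are a deny-list installed in the same JavaScript context the user
# then types into, so treat them as a convenience guard, not a security
# boundary. What actually limits the session is (1) the unprivileged chroot
# user and the minimal contents of the tree, and (2) server-side access
# control: connect as an authenticated MongoDB user whose role grants only
# what the session needs.
#
# You should also specify the mongo auth user here. Avoid putting the
# password on the command line, where it is visible in the process list.
#
# HOME names a directory that need not exist inside the chroot (the account
# was created with -M); create it in the tree only if the shell should be
# able to keep per-user files.
sudo USER=mongoshell HOME=/home/mongoshell \
  chroot --userspec mongoshell:mongoshell "$chroot_dir" \
  /usr/bin/mongo --eval "$disable_js" --shell --quiet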